
Alert Ingestion Workflows

Alert ingestion workflows are event-based workflows that are set up to trigger in real time, meaning they respond as soon as an alert is available. A workflow can be activated either by a webhook event (an automatic push from the vendor’s system) or by polling (Blink’s system periodically checks for new alerts). This setup allows the workflow to immediately capture alerts as they happen, maintaining continuous, up-to-date alert monitoring. Once triggered, it creates an alert record in Blink’s Case Management, using the alert payload directly from the selected vendor.


Example of an Alert Ingestion Workflow

[Image: example of an alert ingestion workflow]

In-Depth Overview of the "Alert Ingestion" Subflow

Each subflow consists of one or two key steps:

  1. Alert Retrieval (Optional):

    In some cases, an additional API call is required after receiving the initial Webhook to obtain complete alert details. For example, this may occur when integrating with platforms like CrowdStrike, where the Webhook does not provide all the necessary information.

  2. Create Alert:

    This action logs the retrieved alert into the Case Management system, ensuring it is properly saved and available for further analysis or remediation.
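The two steps above, sketched in Python as an added example; this is not Blink's code or API. The function names, the required-field list, the in-memory case store and the sample alert are all hypothetical, and the deduplication on vendor and alert ID is an assumption added so that a retried webhook or an overlapping poll does not create a second record.

```python
from dataclasses import dataclass, field

# Assumed minimum set of fields an alert record needs (hypothetical).
REQUIRED_FIELDS = ("id", "severity", "title")

# Constructed sample data standing in for the vendor's alert API.
VENDOR_ALERTS = {
    "a-100": {"id": "a-100", "severity": "high", "title": "Suspicious process"},
}

def fetch_alert_details(alert_id):
    """Stand-in for the vendor API call made in the optional retrieval step."""
    return dict(VENDOR_ALERTS[alert_id])

@dataclass
class CaseManagement:
    """In-memory stand-in for a case management alert store (hypothetical)."""
    alerts: dict = field(default_factory=dict)

    def create_alert(self, vendor, payload):
        # Keyed on (vendor, alert id): a repeated delivery returns the
        # existing record instead of creating a duplicate.
        key = (vendor, payload["id"])
        return self.alerts.setdefault(key, {"vendor": vendor, "payload": payload})

def ingest(vendor, event, cases, retrieve=fetch_alert_details):
    """Run the subflow for one trigger event (webhook push or polled item)."""
    if "id" not in event:
        raise ValueError("trigger event carries no alert id")
    if any(f not in event for f in REQUIRED_FIELDS):
        # Step 1 (optional): the trigger was only a reference to the alert,
        # so fetch the complete alert from the vendor before saving it.
        event = retrieve(event["id"])
        missing = [f for f in REQUIRED_FIELDS if f not in event]
        if missing:
            raise ValueError(f"alert {event.get('id')} still missing {missing}")
    # Step 2: create the alert record from the vendor payload.
    return cases.create_alert(vendor, event)

if __name__ == "__main__":
    cases = CaseManagement()
    # Thin webhook: only an id, so the retrieval step runs.
    print(ingest("example-vendor", {"id": "a-100"}, cases))
    # Polled item: already complete, retrieval is skipped, no duplicate created.
    print(ingest("example-vendor", dict(VENDOR_ALERTS["a-100"]), cases))
    print(len(cases.alerts), "alert record(s)")
```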