
Alert Ingestion Workflows

Each Subflow consists of one or two key steps:
  1. Alert Retrieval (Optional):
    In some cases, an additional API call is required after receiving the initial webhook to obtain complete alert details. For example, this may occur when integrating with platforms like CrowdStrike, where the webhook does not provide all the necessary information.

  2. Create Alert:
    This action logs the retrieved alert into the Case Management system, ensuring it is properly saved and available for further analysis or remediation.
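
The two steps above, sketched as an added Python example (not taken from this platform or from any vendor API). The field names, `ingest`, `fake_fetch` and the in-memory `case_store` are hypothetical stand-ins, and the webhook payloads are constructed sample data.

```python
# Added illustration; every name here is hypothetical, not a vendor or platform API.
from typing import Callable, Optional

REQUIRED_FIELDS = ("alert_id", "title", "severity", "host")  # assumed alert schema

class IncompleteAlert(Exception):
    """Raised when an alert still lacks required fields after retrieval."""

def missing_fields(alert: dict) -> list:
    return [f for f in REQUIRED_FIELDS if not alert.get(f)]

def ingest(webhook: dict, case_store: dict,
           fetch_details: Optional[Callable[[str], dict]] = None) -> dict:
    """Run one ingestion subflow: optional Alert Retrieval, then Create Alert."""
    alert = dict(webhook)
    retrieved = False
    # Step 1 (optional): the webhook is only a notification, so fetch the full alert.
    if missing_fields(alert) and fetch_details is not None and alert.get("alert_id"):
        alert.update(fetch_details(alert["alert_id"]))
        retrieved = True
    gaps = missing_fields(alert)
    if gaps:
        raise IncompleteAlert(f"alert missing {gaps}")
    # Step 2: create the alert in case management. A re-delivered webhook must
    # not create a second record, so the store is keyed on the source alert id.
    key = alert["alert_id"]
    created = key not in case_store
    if created:
        case_store[key] = {f: alert[f] for f in REQUIRED_FIELDS}
    return {"created": created, "retrieved": retrieved, "alert": case_store[key]}

# Constructed sample data: a thin webhook, a complete webhook, and a detail record.
THIN_WEBHOOK = {"alert_id": "A-1001", "event": "detection.created"}
FULL_WEBHOOK = {"alert_id": "A-2002", "title": "Suspicious login",
                "severity": "medium", "host": "vpn-gw-01"}
DETAILS = {"A-1001": {"title": "Credential dumping tool observed",
                      "severity": "high", "host": "ws-finance-07"}}

def fake_fetch(alert_id: str) -> dict:
    """Stands in for the source platform's alert-details API call."""
    return DETAILS[alert_id]

if __name__ == "__main__":
    store = {}
    print(ingest(THIN_WEBHOOK, store, fake_fetch))  # retrieval needed
    print(ingest(FULL_WEBHOOK, store))              # webhook already complete
    print(ingest(THIN_WEBHOOK, store, fake_fetch))  # re-delivery, created=False
```

An alert that is still incomplete after retrieval is rejected rather than saved, so a failed detail lookup surfaces as an error instead of a half-empty case record.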

Example of an Alert Ingestion Workflow
