
Considerations

Before implementing outgoing Webhooks for publications, such as Incidents, Vulnerabilities or Threat Events, we encourage you to review the relevant security considerations. While Webhooks are secure and encrypted, we recommend that you:

  • Ensure that access control is implemented in the receiving application and in the channel where publications are posted.

  • Consider how to handle the incident data in the receiving application. Publications may contain user details or other sensitive information.

  • Treat the HTTP URL / Web request URL as a secret in your incoming Webhook configuration for Microsoft Teams and Slack. It will not be available in the Truesec Portal Webhook management after initial setup.

  • Review the publication variables included in the default Teams Adaptive Card and the Slack messages.

Note that you can remove variables (such as configuration items and technical details) and refer to the case in the Truesec Portal for additional details. The publication in the Portal is accessible only to authenticated users, according to their Tenant and Workspace roles.

Truesec SOC generally requires security teams to be reachable via a central email address and defined contacts for case follow-up. A Webhook is an additional dispatch method.