Webhooks

Webhooks allow you to push information from external sources to notify Cisco XDR that something happened. Instead of using API requests, you can use a webhook to listen for that incoming data and trigger a Webhook rule to execute its associated workflow(s) when the data is received.

To use webhooks in Automation, verify that your request uses a supported Content-Type header. Then, create the webhook and a Webhook rule. Finally, associate a workflow with the rule, and add an activity to the workflow that executes when it's triggered. The incoming webhook will cause the rule to trigger the workflow.

Note:

To ensure platform integrity, there are some rate limits set for webhooks:

  • Webhooks support an individual payload size of up to 1 MB.
  • The maximum number of webhooks allowed is 30 per organization.
  • An external event can trigger a workflow up to 10 times per minute.
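A sender-side pre-flight check for the payload-size and per-minute limits listed above, so an external source can queue or drop events itself before posting them. This is an added example, not Cisco code: the `WebhookSendGuard` class, the JSON encoding, the reading of 1 MB as 1,000,000 bytes, and the sliding 60-second window are assumptions.

```python
import json
import time
from collections import deque

MAX_PAYLOAD_BYTES = 1_000_000  # assumption: "1 MB" read conservatively as 10^6 bytes
MAX_TRIGGERS = 10              # from the limits above: 10 workflow triggers per minute
WINDOW_SECONDS = 60.0          # assumption: strictest reading, a sliding window

class WebhookSendGuard:
    """Pre-flight check for one external event source (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sent = deque()  # timestamps of sends inside the current window

    def check(self, event):
        """Return (ok, reason, body); body is the exact bytes to POST when ok."""
        body = json.dumps(event, separators=(",", ":")).encode("utf-8")
        if len(body) > MAX_PAYLOAD_BYTES:
            return False, "payload_too_large", None
        now = self._clock()
        # Drop timestamps that have aged out of the 60-second window.
        while self._sent and now - self._sent[0] >= WINDOW_SECONDS:
            self._sent.popleft()
        if len(self._sent) >= MAX_TRIGGERS:
            return False, "rate_limited", None
        self._sent.append(now)
        return True, "ok", body

    def retry_after(self):
        """Seconds until the oldest send leaves the window (0 if a slot is free)."""
        if len(self._sent) < MAX_TRIGGERS:
            return 0.0
        return max(0.0, WINDOW_SECONDS - (self._clock() - self._sent[0]))


def demo():
    """Constructed scenario: 12 alerts in 12 seconds, then one oversized event."""
    t = [0.0]
    guard = WebhookSendGuard(clock=lambda: t[0])
    results = []
    for i in range(12):
        t[0] = float(i)
        results.append(guard.check({"alert_id": i, "severity": "high"})[1])
    wait = guard.retry_after()
    t[0] = 60.0
    results.append(guard.check({"blob": "A" * MAX_PAYLOAD_BYTES})[1])
    results.append(guard.check({"alert_id": 12})[1])
    return results, wait
```

Events rejected as `rate_limited` can be held for `retry_after()` seconds and retried; events rejected as `payload_too_large` need to be trimmed or split by the sender.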