Using Webhook Triggers in Swimlane Turbine

webhooks in turbine enable seamless real time communication by facilitating data exchange between third party services and turbine records webhooks act similarly to api callbacks, allowing playbooks to receive and process data without complex polling mechanisms as an orchestrator, you can easily configure a webhook, generating a unique url to integrate a playbook with web applications for automated data processing you do not need to select a trigger before adding and configuring actions or components in a playbook viewing existing webhooks to view existing webhooks in turbine navigate to orchestration in the platform click webhooks you can toggle the disabled button to enable or disable a webhook click a webhook to view or modify its settings and logs the filter by name option helps you quickly find a specific webhook create webhook triggers one common use of webhooks is to ingest or push data, such as importing alerts into a playbook to configure a webhook trigger in a playbook, from the add panel, click and drag catch webhook to the canvas hover over the plus icon to add it to the canvas the trigger panel displays to the right of the canvas, where you can configure the webhook trigger edit webhook settings to configure webhook specific settings such as the url or authentication in the trigger panel, click edit webhook in the settings tab copy the webhook url to use with external systems add or update the description if needed click the enabled toggle to activate or deactivate the webhook add authentication expand the authentication object and configure one or both of the following basic authentication add a basic authentication object provide username password shared secret authentication add a shared secret authentication object provide secret – the value to verify incoming requests secret format – for example, plaintext secret location – where to extract the secret from (request body, header, or query parameter) webhook logs view webhook request logs to verify that payloads are being received use the word wrap toggle for better readability click jump to date to find logs for a specific time window note use the logs tab to troubleshoot issues such as missing payloads or authentication failures this is especially useful when testing new integrations configuring webhook events and mapping outputs to configure the webhook, fill in the following fields webhook trigger fields field information webhook title required field enter a human readable name for the webhook this can be changed later webhook name required field enter a key for referencing this webhook it must contain only letters, numbers, or underscores click the lock icon to enable changes to the name description enter an optional description for the webhook generate url note you must generate and share the url with the third party service to begin receiving events click this button to generate the webhook url after creating your webhook and generating the url, send a test payload to the url from your third party tool (for example, siem or crm) then follow these steps to configure how your playbook uses the data in the trigger panel, click configure navigate between the available tabs webhook events – view incoming webhook events triggered by payloads sent to the url outputs – lists available output fields from payloads filter – define logic to determine when the playbook should run using conditions based on payload fields to map values from an incoming webhook payload go to the webhook events tab expand any event you can copy the result from the result tab click discovered outputs to expand and view available fields from the payload select the desired fields and click add selected to outputs these fields will then appear in the outputs tab for mapping in downstream actions webhook use cases below are some examples demonstrating how webhooks can facilitate real time automation within turbine, integrating external systems into your playbooks example 1 ingesting security alerts from an external system scenario you use a security information and event management (siem) platform like splunk or ibm qradar when an alert is generated, you want to ingest this information into turbine to automatically start a playbook for alert triage and response steps create a webhook in turbine called "ingest alert" generate the webhook url and configure the siem to send alert data to this url map fields from the webhook payload to appropriate fields in turbine note after sending a test payload to the webhook url, go to the webhook events tab and click discovered outputs to view the payload structure from there, select relevant fields and click add selected to outputs these outputs will then appear in the outputs tab and become available for mapping in downstream playbook actions in the playbook, the following actions occur parse the alert data create a new incident in turbine assign the incident to an analyst trigger automated response actions, such as disabling accounts example payload { "alert id" "12345", "alert type" "suspicious login", "severity" "high", "timestamp" "2024 10 18t13 45 00z", "source ip" "192 168 1 100", "destination ip" "10 0 0 25" } example 2 automating customer support with a webhook from a crm system scenario you use a customer relationship management (crm) tool like salesforce or hubspot you want to automatically trigger actions in turbine when new customer support tickets are submitted through the crm steps set up a webhook in the crm system to send new ticket data to turbine configure the webhook trigger in turbine to receive the ticket details in the playbook, the following actions occur log the ticket into turbine notify the support team assign the ticket to an available support agent example payload { "ticket id" "a123", "customer name" "john doe", "issue description" "unable to login to account", "priority" "high", "created at" "2024 10 18t14 15 00z" } example 3 webhook for monitoring e commerce orders scenario you operate an e commerce platform that integrates with turbine to track and automate order processing when a new order is placed, the webhook triggers a playbook that processes the order and sends confirmation emails steps set up a webhook to trigger when a new order is placed configure the webhook in turbine to receive the order details in the playbook, the following actions occur record the order in turbine send confirmation emails update the inventory system example payload { "order id" "ord1001", "customer email" "customer\@example com", "product list" \[ { "product id" "p123", "quantity" 2 }, { "product id" "p456", "quantity" 1 } ], "total amount" "150 00", "order date" "2024 10 18t15 00 00z" } example 4 webhook for github integration scenario you use github for version control and want to trigger automated actions in turbine when certain github events occur, such as a pull request or new commit steps set up a webhook in github to trigger on events like pull requests configure the webhook in turbine to receive the event details in the playbook, the following actions occur review the pull request run automated tests notify the team if tests pass example payload { "action" "opened", "pull request" { "id" 42, "title" "update readme md", "user" { "login" "developer123" }, "body" "this is a pull request to update the readme file ", "created at" "2024 10 18t15 30 00z" }, "repository" { "name" "example repo", "url" "https //github com/example repo" } } example 5 automated data backup with webhooks scenario you want to automatically back up datasets from a cloud application whenever a specific event occurs, such as when a file is updated steps set up a webhook in the cloud application to trigger on file updates configure the webhook in turbine to receive the file details in the playbook, the following actions occur copy the file to a backup storage system log the backup event notify the admin team example payload { "file id" "1a2b3c4d", "file name" "financial report xlsx", "last modified time" "2024 10 18t16 00 00z" }