How to Configure the Webhook Collector
Learn how to push data from external systems into DigitalStakeout XTI using the Webhook Collector for real-time integration and automation.
The Webhook Collector allows external systems and services to push JSON-formatted data directly into DigitalStakeout XTI in real time. This enables automation, interoperability, and enriched situational awareness across your intelligence workflows.
Use Cases
- 🔔 Real-Time Alert Forwarding — Route alerts from third-party systems into XTI for triage and escalation
- 🔗 Integration Bridge — Connect SOAR tools, SIEMs, or custom apps directly to your monitoring stack
- 🧩 Custom Ingestion — Capture structured data from proprietary sources or APIs into XTI
- 📊 Cross-System Enrichment — Push processed output into XTI for further tagging, correlation, or alerting
Setting Up the Webhook Collector
1. Create a New Collector
- Navigate to XTI → Setup → Collectors
- Click Add Collector
- Select Webhook Collector
2. Configure Collector Settings
| Field | Description |
|---|---|
| Collector Name | Required name to identify and tag incoming data |
| Status | Enable or disable the collector |
| Expires On | Set an optional deactivation date |
After saving, XTI will generate a unique Webhook URL for this collector.
3. Sending Data to the Webhook
Your external system must:
- Send a POST request to the provided Webhook URL
- Include valid JSON payloads (with required or custom fields)
- Ensure delivery is over HTTPS for transport security
Example curl request:
curl -X POST https://webhook.digitalstakeout.com/api/<your_collector_id> \
-H "Content-Type: application/json" \
-d '{"event":"login_failure","user":"jdoe","ip":"10.1.1.1"}'
4. Data Processing in XTI
Once received, the data:
- Is parsed and normalized
- Becomes visible in the XTI Console as an event
- Inherits the collector’s tags and timestamp
- Can be searched, filtered, correlated, and alerted on using standard XTI workflows
Best Practices
- 🧪 Test with dummy payloads before going live
- 🔐 Secure source systems to prevent misuse of the Webhook endpoint
- 🧩 Tag collectors by source or function for easier downstream filtering
- 📁 Integrate with Playbooks or Keyword Feed for correlation
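A sender that applies the requirements in step 3 and the first two best practices, as an added example (not DigitalStakeout code). It assumes the Webhook URL is the only credential, since the page shows no separate authentication header, and reads it from a hypothetical `XTI_WEBHOOK_URL` environment variable; the `EXAMPLE_ID` collector ID is a placeholder.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Assumption: the collector URL comes from this hypothetical environment
# variable so it never lands in source control or shell history.
URL_ENV_VAR = "XTI_WEBHOOK_URL"


def redact(url: str) -> str:
    """Hide the collector ID (last path segment) so the URL is safe to log."""
    parts = urlsplit(url)
    head, _, _ = parts.path.rpartition("/")
    return f"{parts.scheme}://{parts.hostname}{head}/<redacted>"


def build_request(url: str, event: dict) -> urllib.request.Request:
    """Validate URL and payload, then return a ready-to-send POST request."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("webhook URL must be an absolute https:// URL")
    if not isinstance(event, dict):  # assumption: one JSON object per event
        raise ValueError("payload must be a JSON object")
    # allow_nan=False rejects NaN/Infinity, which are not valid JSON.
    body = json.dumps(event, allow_nan=False).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"},
    )


def send_event(event: dict, dry_run: bool = False) -> int:
    """POST one event; with dry_run=True only validate and report (returns 0)."""
    url = os.environ[URL_ENV_VAR]
    req = build_request(url, event)
    if dry_run:
        print(f"dry run: {len(req.data)} bytes to {redact(url)}")
        return 0
    with urllib.request.urlopen(req, timeout=10) as resp:  # TLS certs verified by default
        print(f"sent to {redact(url)}: HTTP {resp.status}")
        return resp.status


if __name__ == "__main__":
    # Constructed dummy payload, same shape as the page's curl example.
    os.environ.setdefault(URL_ENV_VAR, "https://webhook.digitalstakeout.com/api/EXAMPLE_ID")
    send_event({"event": "login_failure", "user": "jdoe", "ip": "10.1.1.1"}, dry_run=True)
```

Run it with `dry_run=True` first to check payloads without delivering anything, then drop the flag once the collector is enabled.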
Example Scenarios
- Send CrowdStrike or SentinelOne detection alerts to XTI
- Forward IoCs from a threat enrichment pipeline
- Push phishing reports from a corporate mailbox processor
- Post suspicious login events from a custom-built authentication system
For supported schema examples or webhook rate limits, visit the Webhook Collector product page.