How to Configure the Webhook Collector

Learn how to push data from external systems into DigitalStakeout XTI using the Webhook Collector for real-time integration and automation.

The Webhook Collector allows external systems and services to push JSON-formatted data directly into DigitalStakeout XTI in real time. This enables automation, interoperability, and enriched situational awareness across your intelligence workflows.


Use Cases

  • 🔔 Real-Time Alert Forwarding — Route alerts from third-party systems into XTI for triage and escalation
  • 🔗 Integration Bridge — Connect SOAR tools, SIEMs, or custom apps directly to your monitoring stack
  • 🧩 Custom Ingestion — Capture structured data from proprietary sources or APIs into XTI
  • 📊 Cross-System Enrichment — Push processed output into XTI for further tagging, correlation, or alerting

Setting Up the Webhook Collector

1. Create a New Collector

  • Navigate to XTI → Setup → Collectors
  • Click Add Collector
  • Select Webhook Collector

2. Configure Collector Settings

| Field | Description |
|---|---|
| Collector Name | Required name to identify and tag incoming data |
| Status | Enable or disable the collector |
| Expires On | Set an optional deactivation date |

After saving, XTI will generate a unique Webhook URL for this collector.


3. Sending Data to the Webhook

Your external system must:

  • Send a POST request to the provided Webhook URL
  • Include valid JSON payloads (with required or custom fields)
  • Ensure delivery is over HTTPS for transport security

Example curl request:

curl -X POST https://webhook.digitalstakeout.com/api/<your_collector_id> \
     -H "Content-Type: application/json" \
     -d '{"event":"login_failure","user":"jdoe","ip":"10.1.1.1"}'
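
A sender that enforces the three requirements above before anything leaves the source system, as an added example (not DigitalStakeout code). It assumes the Webhook URL is supplied through a hypothetical XTI_WEBHOOK_URL environment variable and treats that URL as a secret, since the curl request above carries no other credential; redact_url, build_webhook_request and send_event are illustrative names.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Hypothetical variable name: keeps the collector URL out of source control.
WEBHOOK_ENV_VAR = "XTI_WEBHOOK_URL"


def redact_url(url: str) -> str:
    """Return the URL with its last path segment (the collector ID) masked for logs."""
    parts = urlsplit(url)
    head, _, _ = parts.path.rpartition("/")
    return f"{parts.scheme}://{parts.netloc}{head}/<redacted>"


def build_webhook_request(url: str, event: dict) -> urllib.request.Request:
    """Validate the destination and payload, then build the POST request."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("webhook URL must be an absolute https:// URL")
    if not isinstance(event, dict) or not event:
        raise ValueError("event must be a non-empty JSON object")
    # allow_nan=False rejects NaN/Infinity, which json.dumps would otherwise
    # emit even though they are not valid JSON.
    body = json.dumps(event, allow_nan=False).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"},
    )


def send_event(url: str, event: dict, timeout: float = 10.0) -> int:
    """POST one event; returns the HTTP status, raises on 4xx/5xx or network errors."""
    request = build_webhook_request(url, event)
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.status


if __name__ == "__main__":
    # Constructed dummy payload, matching the fields in the curl example.
    dummy = {"event": "login_failure", "user": "jdoe", "ip": "10.1.1.1"}
    target = os.environ[WEBHOOK_ENV_VAR]
    print("posting to", redact_url(target))
    print("status", send_event(target, dummy))
```

Only the redacted form of the URL is printed, so job logs and CI output do not expose the collector ID.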

4. Data Processing in XTI

Once received, the data:

  • Is parsed and normalized
  • Becomes visible in the XTI Console as an event
  • Inherits the collector’s tags and timestamp
  • Can be searched, filtered, correlated, and alerted on using standard XTI workflows

Best Practices

  • 🧪 Test with dummy payloads before going live
  • 🔐 Secure source systems to prevent misuse of the Webhook endpoint
  • 🧩 Tag collectors by source or function for easier downstream filtering
  • 📁 Integrate with Playbooks or Keyword Feed for correlation

Example Scenarios

  • Send CrowdStrike or SentinelOne detection alerts to XTI
  • Forward IoCs from a threat enrichment pipeline
  • Push phishing reports from a corporate mailbox processor
  • Post suspicious login events from a custom-built authentication system

For supported schema examples or webhook rate limits, visit the Webhook Collector product page.