Webhook
The Webhook integration allows you to forward ARMO runtime and security events to any external system that supports receiving HTTPS POST requests.
Prerequisites
Before configuring the webhook integration, ensure:
- You have an HTTPS endpoint that can receive JSON payloads via HTTP POST.
- Access to the ARMO Platform with Manager or Admin permissions
Step 1: Prepare Your Webhook Receiver
- Provide a secure HTTPS URL (e.g.
https://example.com/armo-webhook). - Ensure it accepts JSON via POST.
- [Optional] Custom request headers
Step 2: Configure the Webhook Integration in the ARMO Platform
- In the ARMO Platform, navigate to:
Settings → Integrations → SIEM → Webhook - Click Connect on the Webhook card.
- Click Add Webhook.
- Fill in the following fields and click Save to finalize the configuration.
| Field | Description |
|---|---|
| Name | Friendly name for the integration (e.g., Webhook-Prod) |
| Webhook URL | Full HTTPS URL to send events to |
| Custom Headers (optional) | Authentication or additional headers (e.g., Authorization: Bearer <token>) |
Step 3: Validate the Integration
- Click the Send Test Message icon in ARMO to trigger a sample event.
- Inspect your webhook receiver logs and verify:
- The POST request arrived
- The payload matches expectations
- The endpoint responded with HTTP 200
- Optionally trigger a real runtime incident or policy update to confirm end-to-end forwarding.
What Events Are Streamed?
https://hub.armosec.io/docs/siem#/
Updated 6 days ago