Validin introduces Support for Webhooks

Validin has launched Webhooks in Beta for Enterprise users to enable real-time event ingestion for YARA rule matches and additions to threat profiles. Users can configure endpoints (including Slack) to receive HMAC SHA256-signed payloads, customize event fields, test deliveries, and build automated workflows.

Key points

  • Validin is releasing Webhooks in Beta for Enterprise customers to provide proactive, real-time notifications of observed events.
  • Webhooks support two sources: Projects (for YARA rule matches) and Threats (for newly observed indicators and references on threat profiles).
  • Setup is available under Tools → Webhooks; creating a webhook returns a signing secret and Validin signs outbound requests with HMAC SHA256 for verification.
  • Users can configure which Projects or Threat Profiles trigger events and select exactly which fields are included in each payload; a Test button lets you validate delivery before going live.
  • A documented Slack integration demonstrates building a Slack Workflow triggered by a webhook, mapping Validin variables to message fields, and pasting Slack’s webhook URL back into Validin to receive notifications.
  • Webhooks are intended to help CTI analysts operationalize intelligence and build automated threat-hunting workflows; feedback can be sent to [email protected].
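
A receiver-side check for the signed deliveries described in the list above, as an added example that is not Validin's own code. It assumes the signature arrives as a hex-encoded HMAC SHA256 over the raw request body; the secret, payload fields and function names are constructed for illustration, and the actual header name and encoding must be taken from Validin's webhook documentation.

```python
import hashlib
import hmac
import json

# Constructed sample values: the real secret is the one returned when the
# webhook is created, and the real fields are whichever ones you selected.
SAMPLE_SECRET = b"example-signing-secret"
SAMPLE_BODY = b'{"event":"yara_match","project":"demo-project","rule":"demo_rule"}'


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC SHA256 over the exact request bytes (hex encoding is assumed)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify(secret: bytes, raw_body: bytes, received_sig: str) -> bool:
    """Constant-time comparison of the received signature with our own."""
    if not isinstance(received_sig, str) or not received_sig:
        return False
    expected = sign(secret, raw_body).encode("ascii")
    candidate = received_sig.strip().lower().encode("utf-8")
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected, candidate)


def handle_delivery(secret: bytes, raw_body: bytes, received_sig: str):
    """Return the parsed event only when the signature is valid, else None."""
    # Verify the bytes as received, before any parsing: re-serialised JSON
    # has different whitespace and would no longer match the signature.
    if not verify(secret, raw_body, received_sig):
        return None  # a real receiver would answer 401/403 and log this
    try:
        event = json.loads(raw_body)
    except ValueError:
        return None
    return event if isinstance(event, dict) else None


if __name__ == "__main__":
    good_sig = sign(SAMPLE_SECRET, SAMPLE_BODY)
    print("valid delivery:", handle_delivery(SAMPLE_SECRET, SAMPLE_BODY, good_sig))
    tampered = SAMPLE_BODY.replace(b"demo_rule", b"other_rule")
    print("tampered body:", handle_delivery(SAMPLE_SECRET, tampered, good_sig))
```

Keep the signing secret out of source control and compare signatures only against the raw bytes your web framework received, not a parsed and re-encoded copy.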

MITRE Techniques

  • [None] No MITRE ATT&CK techniques are explicitly mentioned in the article – ‘The article does not reference any MITRE ATT&CK technique by name.’

Indicators of Compromise

  • [Domain] Mentioned as a type of newly observed indicator on threat profiles – no specific domain examples provided in the article.
  • [IP address] Mentioned as a type of newly observed indicator on threat profiles – no specific IP examples provided in the article.
  • [YARA rule match] Mentioned as events from Projects (YARA rule matches) – no specific rule names or file names provided in the article.
  • [Reference] Mentioned as newly observed references added to threat profiles (context items) – no concrete reference examples provided in the article.


Read more: https://www.validin.com/blog/validin_introduces_webhooks/