We are in the process of integrating Eramba into both our SIEM using Eramba’s APIs, and integrating our TAXII based threat intelligence into our SIEM. What we’ve seen is that our threat intelligence would like to both consume information we’re storing in Eramba (which we can readily do via Eramba’s API) but also contribute to the information tracked in Eramba regarding the incident. To do this, we would need Eramba to be able to call a REST based API
Do you plan to support calling REST based API?
You mean eramba calling APIs when an event happens? we call that webhooks , not sure if the name is right so i will put an example:
-
when an audit for a control is due eramba will trigger a a rest api call you define and pull the result of the testing from some server you have around.
-
when someone creates an incident eramba will trigger an api to some system
you mean that? we dont have it but i want it :-]
This is exactly what I’m talking about!
i really want to do this, i think eramba needs to help accomplish things in more automated ways but i also know our timelines and pending work and i know this wont happen quickly…
ref: https://github.com/eramba/eramba_v2/issues/2148
thanks for the feedback
We needed the exact same thing. Our (probably really bad) solution was to use a database trigger to execute a sys_exec() UDF.
Don’t try this at home =)