Set up Outgoing Webhooks

Integrate with Radiant Security to receive real time updates on your alerts.

In this guide, you will configure a webhook in Radiant Security to receive real-time updates on alerts, including enrichment results, analysis, and conclusions.

Originating IP addresses

Every webhook request that Radiant Security originates comes from one of our static IP addresses. You may need to allow list these IP addresses so that they can reach your system. Here are Radiant Security’s static IP addresses:

Radiant Security static IP addresses

100.21.80.201

52.11.97.167

35.164.70.154

Manage webhooks through Radiant Security

To access Radiant Security’s webhook management:

  1. Log in to Radiant Security.

  2. From the navigation menu, click Settings > Outgoing Webhooks.

  1. To create a new Webhook, click + Add Webhook.

  1. Add the Webhook Name, the Destination URL and select the alert triggers you're interested in.

  2. Click Next.

  1. Under Custom Header Authentication, enter the Header Name and Header Value.

  1. Click Test Connection to validate that the connection is successful.

  1. Click Save Webhook.

Note: If you experience any issue while setting up Outgoing Webhooks, please reach out to your Customer Success Manager for assistance.

Webhook payload

The webhook payload has the following schema:

Property

Description

Type

One of

rawAlert

The alert as ingested from vendor

object

rs_alertId

The unique ID of the Radiant alert

string

rs_alertVendor

The vendor that originated the alert

string

rs_alertNumber

The number code that uniquely identifies that alert in your Radiant environment, e.g. ALERT-1234

string

rs_tenantDisplayName

The name of your tenant within Radiant which originated the webhook

string

rs_alertUrl

The URL that points to that alert in Radiant’s UI

string

rs_conclusion

A summary of Radiant AI conclusion

string

rs_keyFindings

The key findings of the alert triage by Radiant AI

array of strings

rs_alertBrief

A brief of what happened

object

rs_alertBrief.summary

A summary of what happened

string

rs_alertBrief.intent

A summary of the attacker’s intent

string

rs_webhookTriggerTimestamp

The timestamp is in ISO 8601 format (e.g., 2025-05-14T21:37:56.840Z) and represents the time in UTC for when the webhook’s trigger event happened

string

rs_webhookTriggerType

The event that triggered this specific webhook

string

alert.recommended_benign, alert.recommended_malicious, alert.recommended_likely_benign, alert.marked_benign, alert.marked_malicious

rs_alertArtifacts

The entities involved, structured in categories by type of artifact (e.g. users, IPs, sensors, etc.)

array of objects

rs_alertArtifacts[].type

The type of that alert artifact

string

URL, File_Hash, User, IP, Sensor, Cloud_Resource, CVE, Unknown

rs_alertArtifacts[].value

The value of that alert artifact

string

rs_alertArtifacts[].enrichments

The enrichments that Radiant produced over that alert artifact

array of objects

rs_alertArtifacts[].enrichments.sentiment

The sentiment that Radiant AI has about that particular alert artifact enrichment

string

good, bad, informational, unknown

rs_alertArtifacts[].enrichments.description

Radiant AI’s description for that particular alert artifact enrichment

string

Payload example

The example below shows a webhook payload from Radiant Security that delivers a detailed alert, including summary, analysis, conclusions, and enriched context about related users, IPs, files, and devices.

PreviousSubmit a feature requestNextSet Up Jira to Receive Radiant Outgoing Webhooks

Last updated