Custom Events Webhook

Send events from unsupported data sources to Radiant Security

The Custom Events Webhook lets you send events from data sources that don't have a dedicated Radiant connector into the platform using a standard HTTP POST request. Events must be valid JSON and are available for searching in Log Manager under the connector type custom_events_webhook. Where a dedicated connector exists for your data source, use it instead - dedicated connectors provide richer context and full AI triage processing.

Note: Events received through the Custom Events Webhook bypass AI alert triage processing. Successfully parsed events appear in the Log Manager parsed index. Events that fail parsing appear in the unparsed index.

Prerequisites

Before you configure the Custom Events Webhook, confirm you have:

Administrator access to Radiant
Access to the data source or system that will send events to the webhook endpoint
The ability to make outbound HTTP POST requests from that source to the Radiant API endpoint

Add the connector in Radiant

Log in to Radiant Security.
From the navigation menu, select Settings > Data Connector and click + Add Connector.
Select Custom Events Webhook from the list and click Data Feeds.
Under Select your data feeds, select Custom Events Webhook and click Credentials.
In the Credential Name field, enter an identifiable name for this credential (for example, Custom Events Webhook Credentials).
Under Required Credentials, enter a value in the Connector tag field. This can be any string. Radiant uses this value as salt when generating the authentication token for your connector.
Click Add Connector.
Open the newly created connector. Under Vendor Configuration, copy and save the Webhook URL and Token values. You will need both in the next section.
Click Add Connector to save your changes.

Send events to the webhook

Once the connector is configured, your data source sends events to the Radiant webhook endpoint using the following specification.

Important Note: Treat the Token value as a secret. Anyone with access to this token can post events to your connector. Do not expose it in client-side code or shared logs.

Request details

Component

Value

Method

POST

URL

https://api.app.blastradius.ai/connectors/custom_events_webhook/webhook

Authorization

None

Header

The token copied from the Data Connectors configuration screen in step 8

Request body

The request body must be valid JSON. Nested objects and lists are supported.

timestamp is a required field with the value in epoch seconds (seconds since 1970-01-01 00:00:00 UTC), all other fields are optional, and serve as additional key-value pairs describing the event.

Example request body

{
  "timestamp": 1773270998,
  "event_name": "Outbound connection to external IP",
  "user_email": "[email protected]",
  "ip_address": "192.168.1.1",
  "port": 12345,
  "bytes": 6789
}

Verify ingestion

After sending a test event, confirm the data is flowing into Radiant correctly:

In Radiant, navigate to Log Management.
Search for events with connector type custom_events_webhook (rs_connectorType:"custom_events_webhook")
Confirm your test event appears in the parsed index.

If the event does not appear in the parsed index, check the unparsed index. An event in the unparsed index means the request body was not a valid JSON.

PreviousExecute Response Actions with Crowdstrike OAuth2 NextDarktrace Email

Last updated 22 hours ago

Was this helpful?

Good evening

hashtagPrerequisites

hashtagAdd the connector in Radiant

hashtagSend events to the webhook

hashtagRequest details

hashtagExample request body

hashtagVerify ingestion

Prerequisites

Add the connector in Radiant

Send events to the webhook

Request details

Example request body

Verify ingestion