Salt Security

In this guide, you will connect Salt Security to Radiant to forward API threat data. Radiant uses this data to surface anomalies, detect suspicious API behavior, and help prioritize what matters in your environment.

Prerequisites

• Customer Admin access level

Add the data connector in Radiant Security

1. Log in to Radiant Security.

2. From the navigation menu, click Settings > Data Connectors and click + Add Connector.

3. Search for and select the Salt Security option and then click Data Feeds.

4. Under Select your data feeds, select Salt Security (Webhook) and then click Credentials.

5. Under Credential Name, give the credential an identifiable name (e.g. Salt - Credentials). If you already have a credential in place, select it from the drop-down menu.

6. In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.

7. Click Add Connector.

8. Copy and save the Token value using the clipboard option, or by clicking Download File to save as a file.

9. Click Done to save your changes.

Install and configure the Webhook Integration

1. Working with your Salt Security SE, log in to the Salt Platform as the Customer Admin role and navigate to Settings > Deployment > Integrations.

2. Locate Custom Webhook in the Available for Installation list and select Install.

3. Select Setup, and enter the following parameters:

   • Integration Nickname: Radiant Security Webhook Integration - Attackers

   • URL: <unique radiant security url>

   • Event Type: Attackers

   • Method: POST

   • Create a custom header named x-rs-token. Enter the Token that you created and copied from the previous section

   • Select Trigger Automatically

4. Click Install.

5. Click Test Integration

6. Repeat the steps to create a Webhook Integration for the Remediations event type.