# Salt Security Salt Security is an API security platform that detects attackers probing and abusing production APIs, including credential abuse, scraping, business logic abuse, and exploitation of unauthenticated endpoints. Connecting Salt Security forwards Attackers and Remediations events to Radiant Security via webhook. Radiant uses this telemetry to surface anomalous API behavior, correlate it with identity and endpoint activity, and prioritize the alerts that warrant analyst attention. ### Prerequisites * [ ] Customer Admin role in the Salt Security platform * [ ] Administrator role in Radiant Security ### Add the data connector in Radiant Security 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings** > **Data Connectors**, then click **+ Add Connector**. 3. Search for and select **Salt Security**, then click **Data Feeds**. 4. Under **Select your data feeds**, select **Salt Security (Webhook)**, then click **Credentials**. 5. Under **Credential Name**, enter an identifiable name for the credential (e.g., `Salt-Credentials`). To reuse an existing credential, select it from the drop-down menu. 6. Under **Required Credentials**, enter a value in the **Connector tag** field. This can be any string. Radiant uses this value as salt when generating the authentication token for your connector. 7. Click **Add Connector**. 8. Open the newly created connector. Under **Vendor Configuration**, copy and save the `Webhook URL` and `Token` values. You will need both when configuring Salt Security. 9. Click **Done** to save your changes. {% hint style="warning" %} Treat the `Token` value as a secret. Anyone with access to this token can post events to your connector. Do not expose it in client-side code, version control, or shared logs. {% endhint %} ### Configure the Custom Webhook integration in Salt Security Salt Security forwards events to Radiant through two Custom Webhook integrations: one for **Attackers** events and one for **Remediations** events. Configure each integration separately, reusing the same `Webhook URL` and `Token` you copied from Radiant. {% hint style="info" %} For deployment assistance, work with your Salt Security Solutions Engineer. {% endhint %} ### Configure the Custom Webhook integration in Salt Security Salt Security forwards events to Radiant through two Custom Webhook integrations: one for **Attackers** events and one for **Remediations** events. Configure each integration separately, reusing the same `Webhook URL` and `Token` you copied from Radiant. {% hint style="info" %} For deployment assistance, work with your Salt Security Solutions Engineer. {% endhint %} {% stepper %} {% step %} #### **Install the Custom Webhook integration** Sign in to the Salt Security platform as a Customer Admin and navigate to **Settings** > **Deployment** > **Integrations**. In the **Available for Installation** list, locate **Custom Webhook** and click **Install**. {% endstep %} {% step %} #### **Configure the Attackers webhook** Click **Setup** on the newly installed Custom Webhook integration and enter the following parameters: * **Integration Nickname:** `Radiant Security Webhook Integration - Attackers` * **URL:** the `Webhook URL` you copied from Radiant. * **Event Type:** `Attackers` * **Method:** `POST` * **Custom header:** name `x-rs-token`, value the `Token` you copied from Radiant. * Select **Trigger Automatically**. Click **Install**, then click **Test Integration** to verify connectivity. {% endstep %} {% step %} #### **Configure the Remediations webhook** Repeat the previous step to install a second Custom Webhook integration for the **Remediations** event type. Use the same `Webhook URL` and `Token` values, and set: * **Integration Nickname:** `Radiant Security Webhook Integration - Remediations` * **Event Type:** `Remediations` {% endstep %} {% endstepper %} ### Verify ingestion After saving each Custom Webhook integration in Salt Security, confirm that events are reaching Radiant: 1. In Radiant Security, navigate to [Log Management](https://app.radiantsecurity.ai/logs). 2. Search for events with the connector type `salt_webhook` (`rs_connectorType:"salt_webhook"`). 3. Confirm test events from both the Attackers and Remediations integrations appear in the parsed index. {% hint style="info" %} Allow several minutes for events to be parsed, indexed, and available for search. Events that fail parsing appear in the unparsed index. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/salt-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.