Integration Setup
Configure webhooks from your security tools to send alerts to Pilot. All integrations use the same pattern: configure your tool to POST to your Pilot webhook URL.
Receives threat alerts, agent status changes, and policy violations from SentinelOne Management Console.
1.In S1 Console go to Settings → Notifications → Webhook.
2.Add a new webhook with URL: https://app.verbospilot.com/ingest/sentinelone
3.Select event types: Threats, Agents, Policy.
4.Optionally set S1_WEBHOOK_SECRET in Pilot .env for signature verification.
curl -X POST https://app.verbospilot.com/ingest/sentinelone \
-H "Content-Type: application/json" \
-d '{"event":"THREATS_CHANGE","data":{"threatInfo":{"threatName":"Malware.X"}}}'
Receives security alerts from Microsoft Defender for Endpoint, Defender for Cloud, and Microsoft Sentinel.
1.In Sentinel go to Configuration → Logic Apps or Automation Rules.
2.Create a Logic App that triggers on Alert and POSTs to: https://app.verbospilot.com/ingest/microsoft
3.Map alert fields to the Pilot payload schema.
Receives GuardDuty findings via EventBridge → SNS → HTTP endpoint.
1.In AWS Console, create an EventBridge rule targeting GuardDuty findings.
2.Add an HTTP target: https://app.verbospilot.com/ingest/guardduty
3.Alternatively use SNS → Lambda → HTTP for custom transformation.
Receives alerts from Wazuh SIEM via custom integration script.
1.Add a custom integration in /var/ossec/etc/ossec.conf:
<integration>
<name>custom-pilot</name>
<hook_url>https://app.verbospilot.com/ingest/wazuh</hook_url>
<level>7</level>
<alert_format>json</alert_format>
</integration>
All integrations support optional HMAC-SHA256 signature verification. Set the corresponding *_WEBHOOK_SECRET environment variable in your Pilot .env file to enable it. If no secret is set, all requests are accepted (backwards compatible).