Integration Setup

Configure webhooks from your security tools to send alerts to Pilot. All integrations use the same pattern: configure your tool to POST to your Pilot webhook URL.

SentinelOne
EDR
Receives threat alerts, agent status changes, and policy violations from SentinelOne Management Console.
1.In S1 Console go to Settings → Notifications → Webhook.
2.Add a new webhook with URL: https://app.verbospilot.com/ingest/sentinelone
3.Select event types: Threats, Agents, Policy.
4.Optionally set S1_WEBHOOK_SECRET in Pilot .env for signature verification.
curl -X POST https://app.verbospilot.com/ingest/sentinelone \
  -H "Content-Type: application/json" \
  -d '{"event":"THREATS_CHANGE","data":{"threatInfo":{"threatName":"Malware.X"}}}'
Microsoft Defender / Sentinel
EDR / SIEM
Receives security alerts from Microsoft Defender for Endpoint, Defender for Cloud, and Microsoft Sentinel.
1.In Sentinel go to Configuration → Logic Apps or Automation Rules.
2.Create a Logic App that triggers on Alert and POSTs to: https://app.verbospilot.com/ingest/microsoft
3.Map alert fields to the Pilot payload schema.
AWS GuardDuty
Cloud
Receives GuardDuty findings via EventBridge → SNS → HTTP endpoint.
1.In AWS Console, create an EventBridge rule targeting GuardDuty findings.
2.Add an HTTP target: https://app.verbospilot.com/ingest/guardduty
3.Alternatively use SNS → Lambda → HTTP for custom transformation.
Wazuh
SIEM
Receives alerts from Wazuh SIEM via custom integration script.
1.Add a custom integration in /var/ossec/etc/ossec.conf:
<integration>
  <name>custom-pilot</name>
  <hook_url>https://app.verbospilot.com/ingest/wazuh</hook_url>
  <level>7</level>
  <alert_format>json</alert_format>
</integration>
All integrations support optional HMAC-SHA256 signature verification. Set the corresponding *_WEBHOOK_SECRET environment variable in your Pilot .env file to enable it. If no secret is set, all requests are accepted (backwards compatible).