
Webhooks In Oort - Respond Even Quicker to Identity Threats

Identity threats are evolving, and staying a step ahead is paramount. 

We’re proud of the work we’ve done to pioneer Identity Threat Detection and Response (ITDR), helping to make sense of the vast amount of identity data with a new approach that isn’t encumbered by the limitations of SIEM or CIEM platforms.

The robust detections (Oort checks) built by our data science team are essential for providing incisive insights without the usual noise that plagues identity log detections. You can learn more about each of our 50+ checks at https://docs.oort.io/oort-insights

But having detection capabilities isn't enough. The ability to swiftly operationalize this data into actionable workflows is critical. That’s precisely what we’re aiming to achieve with our new webhook feature.

 

Oort Checks: A Quick Refresher

For those unfamiliar with Oort’s checks, let us give you a quick refresher. We integrate with all of your identity providers to continually monitor for issues with identity posture while rapidly detecting identity threats. Our data science team has built some pretty awesome checks that can be used straight away. What’s even better is that these checks provide deep insights without the noise you normally associate with detections using identity logs. In fact, we’ve been told we reduce the false positive rate of Microsoft risky user alerts from over 90 percent to less than 15 percent.

How? Unlike many platforms that correlate data from a single identity provider, Oort stands out because it amalgamates data from multiple identity providers. This approach, combined with the meticulous work of our dedicated data science team, ensures that our detections are fine-tuned, eliminating the white noise usually associated with identity log detections.

Our customers tell us that Oort cuts down investigation time by a whopping 80%, and we think we can go even further with the support of our new custom webhook capability.

 

What Exactly Are Webhooks?

Webhooks notify you via HTTP callbacks when there's a significant event in your Oort tenant, such as when any of your users fails any of Oort’s 50+ checks. 

Oort already uses webhooks, alongside event streaming and API calls, to glean data from identity providers. These new capabilities, however, enable you to send Oort’s insights into additional platforms. Whether that is Splunk, ServiceNow, Tines, Cisco Webex, or Okta Workflows, you can easily set up Oort webhooks as notification targets for checks. 

 

Webhooks in Oort

Crafting webhooks in Oort is refreshingly straightforward, firmly putting the reins of granularity in your hands. Every company is unique, so Oort allows you to create as many webhooks as required, each tailored to prioritize specific checks.

For each Check, you can choose to send the notification to a configured webhook (visit https://docs.oort.io/integrations/webhooks to learn more about setting that up). The content you will get from the webhook event includes the CheckID, Title, Description, Severity, Recommended Actions, publish date, and much more! 

 

 

Powering Automation for Rapid Responses

Armed with this context, you can then effectively respond to identity threats, as well as fix identity posture issues. 

Security Orchestration, Automation and Response (SOAR) tools, like Tines, work harmoniously with webhooks. But automation also exists in so many other platforms, such as Okta Workflows.

Okta Workflows offers native automation capabilities that, when combined with Oort's webhooks, enable you to take swift action to safeguard your identities. Moreover, because Oort integrates with many identity providers, you can create a seamless flow from detection to action irrespective of where the threat is detected, be it Azure AD, GitHub, or Salesforce.

 

 

For example, if Oort detects an IP threat in Microsoft Entra ID, you could take action in your Okta instance.

 

Wrapping Up

The ability to respond to identity threats is as crucial as detecting them. With Oort's new custom webhook features, you can achieve deep insights into potential threats and act on them with unparalleled speed and precision.

Oort’s custom webhooks will ensure that your response to threats is quicker, smarter, and more coordinated than ever before. To learn more about webhooks and to get started, visit https://docs.oort.io/integrations/webhooks
