Red Canary Integration Overview
With Perch's integration with Red Canary, you can store, search, and visualize all threats detected by Red Canary within Perch. You can also let Perch Security Analysts triage threats detected by Red Canary alongside all your other data in Perch.
Red Canary Integration Setup
1. In Perch, navigate to Settings > Red Canary.
2. Click INSTALL.
3. Create a shared secret key and enter it in the Shared Secret (Authorization) field. Save this key in a text file to complete the setup in Red Canary.
4. Copy the webhook URL into a text file.
5. Click Enable log collection.
6. Click Save.
Configure the Red Canary Playbook
1. In Red Canary, navigate to the playbook that should send the webhook request to Perch.
2. Click Add Action.
3. Navigate to Webhook/API > Invoke Webhook or API > Add to Playbook.
4. Select POST as the HTTP method.
5. Enter the webhook URL you copied in step 4 of the Perch setup.
6. Select Yes in the Allow Connections to Untrusted Servers field.
7. Enter Content-Type=application/json in the HTTP Headers field.
8. Enter Authorization= followed by the secret key you created in step 3 of the Perch setup in the HTTP Headers field.
9. Select All Attributes as JSON in the Payload drop-down.
10. Click Save.
11. Repeat these steps for every playbook that should send data to Perch.

Review the Red Canary integration documentation for more information.
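The header scheme configured above, shown as an added example that is not part of the original page and is not Perch's or Red Canary's code: it generates a random shared secret, builds the POST the playbook action is set up to send, and checks it in a stand-in receiver using a constant-time comparison. The URL, the sample attributes and the receiver's status codes are assumptions made for the example.

```python
import hmac
import json
import secrets
import urllib.request

# Constructed placeholders: use the webhook URL copied from Perch instead.
SAMPLE_URL = "https://perch.example.invalid/webhook-placeholder"
SAMPLE_ATTRIBUTES = {"detection": {"id": 1, "severity": "high"}}  # constructed


def new_shared_secret(nbytes: int = 32) -> str:
    """Random value for the Shared Secret (Authorization) field."""
    return secrets.token_urlsafe(nbytes)


def build_playbook_request(url, secret, attributes):
    """The request the playbook action is configured to send."""
    body = json.dumps(attributes).encode("utf-8")
    headers = {"Content-Type": "application/json", "Authorization": secret}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def receiver_check(headers, body, expected_secret):
    """Stand-in receiver (assumed behaviour): returns (status, parsed JSON)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get("authorization", "")
    # Constant-time comparison so timing does not leak how much matched.
    if not hmac.compare_digest(presented.encode(), expected_secret.encode()):
        return 401, None
    media_type = lowered.get("content-type", "").split(";")[0].strip().lower()
    if media_type != "application/json":
        return 415, None
    try:
        return 200, json.loads(body)
    except ValueError:
        return 400, None


def demo():
    """Check one correctly configured request and one with a wrong secret."""
    secret = new_shared_secret()
    req = build_playbook_request(SAMPLE_URL, secret, SAMPLE_ATTRIBUTES)
    good = receiver_check(dict(req.header_items()), req.data, secret)
    wrong = {"Content-Type": "application/json", "Authorization": "wrong"}
    bad = receiver_check(wrong, req.data, secret)
    return good, bad


if __name__ == "__main__":
    print(demo())
```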