Configure Third Party Actions

Configure actions Salem can take using Third Party APIs

Salem has many pre-built third party integrations. This article discusses actions that Salem can take using third party APIs

Salem Third Party Actions

Salem can use Third Party APIs to enrich alerts, send threat notifications or perform response actions. Learn more at Collect data with Third Party API

These types of actions are governed by Salem ActionDefinition configurations.

To enable a pre-built third party action, a Salem Admin user can navigate the the Salem Admin menu in Salem Chat (MS Teams or Slack).

  1. Navigate the the Salem Admin Menu from Salem Chat in MS Teams or Slack, by sending Salem the message: 

    view -a

  2. Select Configs and then ActionDefinitions

  3. Find the ActionDefinition you would like to enable

  4. You'll need to update the configuration in three places:

    1. Set the value of 'disabled' to 0. This with enable the configuration. For more information about secrets management in Salem, see Create and Update Secrets

    2. Set the name of the secret from the Azure Key Vault, that Salem should use as the SECRET from this API.

    3. Set appropriate values in the Static Key Section of the ActionDefinition. These values will be dependent on your environment and the specifics of this Third Party Action.

    NOTE: All other sections of the ActionDefinition should remain unchanged.

  5. Save

PreviousConfigure SalemNextBrowser Extension Settings

Last updated