Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

How to create and API alert via CrowdStrike Webhook

Hello together,

I´m quite new with OpsGenie and APIs, so sorry for a maybe stupid question.

At the moment I´m trying to utilize our Security Solution CrowdStrike Falcon to send notifications via a workflow ((1) New Messages! (

When a new alert is detected the dedicated notification group should be informed. This happens via configured WebHook at CrowdStrike Falcon. For this Webhook I need an API URL to create an alert on OpsGenie side. I´ve create in OpsGenie the API integration for this and have my API key.

Now I´m thinking that my URL is maybe not correct but I´m not able to determine where my fault is there now. Also I need to use EU cloud ( for the URL.

Who, I hope I wrote it as clear as possible and it would be great when someone maybe has a hint for me.

Thanks a lot, Alexander

3 answers

1 vote

Hi Alexander,
Great question! Since Opsgenie does not have a pre-built integration with CrowdStrike, it sounds like you are on the right track leveraging the Opsgenie default API Integration to integrate with this external system. Using the API Integration, if you want to to send alerts from CrowdStrike to Opsgenie, you will have to make API requests to Opsgenie alert API from CrowdStrike, using the Opsgenie fields. Details on how to format the requests to our Alert API can be found here:
The HTTP POST request URL should be:

Hope this helps! Please let me know if you still have questions regarding this API integration.




Hello Skyler,

thank you very much for your assistance here. It´s still not running and I assume it´s something in the json -H "Content-Type: application/json" -H ... but I´m not sure. It´s new for me and I did not so many in the past with API...

Best regards and sorry for the delay,


Hi Alexander, 


Happy to help, and thank you for providing this update. The endpoint is and the Headers required are the Authorization: GenieKey [API Key that you copied from the integration] & Content-Type: application/json.

Then, you would need to format the body of the request with the Opsgenie alert fields (message, alias, description, etc.). If CrowdStrike is not able to make requests in this format, then you could also instead try setting up the integration via email if Crowdstrike can send out emails for alerts. Please let me know if you have any questions on any of the items I've mentioned here, and hopefully this gets you pointed in the right direction!


Best regards,


Hi Skyler,

It so happens to be that I'm actually picking up after Alexander here so I'd like to follow up on this.

Let's say that API key header can be provided (as ?apiKey=xxx-xxx-xx, as described by Matthew below) and content type is indeed application/json. Is there a way to transform the received whatever key/value json body structure before feeding it to Opsgenie on the Opsgenie side? That is to say Crowdstrike just spurts out whatever they have configured so can this be leveraged on the Opsgenie side or that's not on par with how REST API works (complete newbie here).

Btw, this is the error I'm getting when trying to send something to the Opsgenie API integration:

  "response_body": {
    "errors": {
      "message": "Message can not be empty."
    "message": "Request body is not processable. Please check the errors.",
    "requestId": "a3c12231-4610-4718-864e-dc4693939c61",
    "took": 0.001



I heard back from CrowdStrike that they could not support I wrote an integration myself that uses AWS Lambda to reformat the API call.  (I'm trying to guilt them into supporting OpsGenie themselves).

You can find the code and directions for setting it up here:

I'm also working on this and have opened a case with CrowdStrike.  I'm able to create an alert in OpsGenie using the API via curl and Postman without any problems.

As you discovered, the only configurations on the CrowdStrike side are the URL of the web-hook, and later in the notifications workflow, the ability to choose which data fields it will POST to the web-hook.

As I see it, this presents 2 problems:

1.  Without the ability to authenticate via header, we'd need to be able to pass the "Authorization" API key on the URL. 

My coworker discovered that this can be solved by putting the Authorization header on the URL using the apiKey parameter (which works from curl).  For example:


2.  We need to be able to map the fields from CrowdStrike (i.e.  "Hostname", "Action taken", "Command Line", "Severity", "IP Address", etc.) to the correct fields in OpsGenie.

From Skyler's reply above, I would assume that there is no mechanism in OpsGenie to perform this field-mapping or templating.  I'm waiting for a reply from CrowdStrike, but I assume the answer is that this is not possible.

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events