adminengineer
Threat Intel Subscriptions
Configure and operate outbound threat-intelligence webhook subscriptions.
Reviewed 2026-06-21Product 1.1
Access
Viewing requires the threat_intel plan feature and threat_intel:view; creation and deletion require threat_intel:manage.
Configure a receiver
- Expose a stable HTTPS endpoint from a trusted service.
- Generate a dedicated high-entropy signing secret in your secret manager.
- Open Dashboard → Threat Intel → Add subscription.
- Enter the endpoint and signing secret, then enable the subscription.
- Verify signatures over the exact received body before accepting a delivery.
Operations
Return 2xx only after safely accepting a payload. Make your receiver idempotent, respond quickly, and process expensive work asynchronously. Monitor delivery health and investigate repeated failures before deleting a subscription.
Deliveries include x-vrtx-signature and x-vrtx-event-id. The JSON body uses event: threat_intel_update and includes the hashed indicator, confidence, TTL, recommended action, and blocklist action. The delivery timeout is 10 seconds.
Deleting a subscription stops future delivery. It does not retract indicators already delivered to your systems.