Add a new XDR use case - Send notifications to a Webhook using playbooks

docs/getting_started/notifications-Examples.md

@@ -27,6 +27,7 @@ The “WebHook notification” will let you send message to interact with third
 
 !!! info 
     You can’t use the WebHook notification mechanism to push information directly to third parties (such as Slack or Telegram), you have to use an intermediate server. To do so, you can use solutions like IFTTT or a simple HTTP server (see below).
+    There are also playbook templates that can be used to send notifications to Slack or Microsoft Teams directly using Webhooks; See how to [send notifications to a Webhook using a playbook](../xdr/usecases/playbook/notifications_using_playbooks.md) for more information 
 
 Here’s an example of a posted content to a configured destination via the WebHook mechanism:
 

docs/xdr/usecases/playbook/notifications_using_playbooks.md

@@ -0,0 +1,41 @@
+# Send notifications to a Webhook using a playbook
+
+This use case describes how to send a notification to a third party system like Slack or Microsoft Teams using webhooks and a playbook.
+
+## Prerequisites
+
+- A Sekoia.io XDR licence
+- The user that configures the Playbook should have a Role that contains:
+	* The SYMPHONY permissions
+- An API Key with a Role that contains at least the following permission:
+	* SIC_READ_ALERTS
+	* SIC_READ_INTAKES
+
+> To create your API Key, follow this [documentation](../../../getting_started/manage_api_keys.md).
+
+## Create your playbook
+
+Playbook templates were created to ease the process of setting up the playbooks to send the notifications to Slack or Teams. 
+
+- **Go to** the [Playbook page](https://app.sekoia.io/operations/playbooks)
+- **Click** on `+ New Playbook`
+- If multi-tenant is available, **select** the Community where the Playbook should be executed
+- Choose the `Use a template` option 
+- Search for `Teams` or `Slack` depending on your needs
+- Select the corresponding playbook and click on `Create`
+
+## Configure your playbook
+
+Once your playbook is created, the following configuration steps are required:
+
+- Open each `Sekoia.io` action and select the account that needs to be used to communicate with Sekoia.io APIs. You may have to create an account with the API key you created previously if no account exists.
+- Open the `Send to Slack` or `Send to Teams` action and replace the URL with the URL of your webhook
+
+## Customize your notifications
+
+The Slack and Teams playbook templates are provided as examples of notifications that can be sent to these solutions, you can customize the playbooks to your needs by adding additionnal actions to retrieve more data from the alerts and events and add them to the payload sent. Keep in mind that the payload must match the format expected by the third parties.
+
+## External references
+
+- [Slack Incoming Webhooks](https://api.slack.com/messaging/webhooks)
+- [Teams Incoming Webhooks](https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook)

mkdocs.yml

@@ -305,6 +305,7 @@ nav:
       - Palo Alto Cortex XSOAR: xdr/features/integrations/interconnect_sekoia_with_xsoar.md
   - Usecases:
     - Synchronize Alerts with an external tool: xdr/usecases/playbook/synchronize_alerts.md
+    - Send notifications to a Webhook using a playbook: xdr/usecases/playbook/notifications_using_playbooks.md
   - FAQ:
     - General: xdr/FAQ.md
     - Alerts: xdr/FAQ/Alerts_qa.md