How does the Webhook integration work?

Avatar
Abhilasha Singh Machal
Follow

Webhooks integrations can be used for various solutions such as Issue tracking, business intelligence, IT service management etc. 

The integration with Holm Security VMP can be used to send information from Security Center containing information such as information about finished scan, schedule notifications and opened and closed tickets. 

Webhook examples 

Request headers

Content-Length 320

User-Agent python-requests/2.8.1

Host: <destination hostname>

Content_Type: application/json

Content_Length: 320

Accept */*

Content-Type application/json

Request payload

{"finished_scan": {"status": "Completed", "low_cnt": 0, "critical_cnt": 1, "started": "2018-08-21 12:02", "finished": "2018-08-21 12:59", "link": "https://sc.holmsecurity.com/scans/scans/view/123", "duration": "00:57", "errors": "", "name": "Daily scan", "high_cnt": 0, "medium_cnt": 3, "type": "network"}}

Please notice that Holm Security sends a HTTP POST request.

Webhook definitions

For scheduled scan notifications, a scheduled_scan dictionary with following entries:

  • name (scan name)
  • type (scan type: "network"|"web application")
  • starts_at (timestamp)
  • link (url to SC with scan/schedule settings)

For finished scan notifications, a finished_scan dictionary with following entries:

  • name (scan name)
  • type (scan type: "network"|"web application")
  • started (timestamp)
  • finished (timestamp)
  • duration (timedelta as string)
  • status (string, should be  "Completed"
  • errors (string, empty or containing error messages separated by double newline characters)
  • critical_cnt (integer, number of critical vulns found)
  • high_cnt (integer, number of high vulns found)
  • medium_cnt (integer, number of medium vulns found)
  • low_cnt (integer, number of low vulns found)
  • link (url to SC with scan results)

For opened/closed ticket notifications, a ticket dictionary with following entries:

  • number (integer, ticket number)
  • status (string, should be either "Open" or "Closed (Fixed)")
  • severity (string, "Info"|"Low"|"Medium"|"High"|"Critical")
  • vulnerability_name (string)
  • asset_name (string)
  • asset_link (url to SC, displaying affected asset properties)
  • due_date (date as string)
  • owner (string, email) 
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.