- Knowledge Base
- Integrations
- Webhooks
-
Security Announcements
-
Product News
-
Next-Gen Vulnerability Management
-
Getting Started
-
General
-
Operating Status
-
System & Network Scanning
-
Web Application Scanning
-
Cloud Scanning (CSPM)
-
API Scanning
-
Phishing & Awareness Training
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset Management
-
Vulnerability Manager
-
Reports
-
Digest Reports
-
Organizer
-
Continuous Monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS
-
Terms & Conditions
-
Dashboard
How does the Webhook integration work?
Webhook integrations can be used for various solutions such as Issue tracking, business intelligence, IT service management, etc.
The integration can be used to send information from Security Center containing information such as information about finished scans, schedule notifications, and opened and closed tickets.
Webhook examples
Request headers
Content-Length 320
User-Agent python-requests/2.8.1
Host: <destination hostname>
Content_Type: application/json
Content_Length: 320
Accept */*
Content-Type application/json
Request payload
{"finished_scan": {"status": "Completed", "low_cnt": 0, "critical_cnt": 1, "started": "2018-08-21 12:02", "finished": "2018-08-21 12:59", "link": "https://sc.holmsecurity.com/scans/scans/view/123", "duration": "00:57", "errors": "", "name": "Daily scan", "high_cnt": 0, "medium_cnt": 3, "type": "network"}}
Please notice that Holm Security sends a HTTP POST request.
Webhook definitions
For scheduled scan notifications, a scheduled_scan dictionary with the following entries:
- name (scan name)
- type (scan type: "network"|"web application")
- starts_at (timestamp)
- link (url to SC with scan/schedule settings)
For finished scan notifications, a finished_scan dictionary with the following entries:
- name (scan name)
- type (scan type: "network"|"web application")
- started (timestamp)
- finished (timestamp)
- duration (timedelta as string)
- status (string, should be "Completed"
- errors (string, empty or containing error messages separated by double newline characters)
- critical_cnt (integer, number of critical vulns found)
- high_cnt (integer, number of high vulns found)
- medium_cnt (integer, number of medium vulns found)
- low_cnt (integer, number of low vulns found)
- link (url to SC with scan results)
For opened/closed ticket notifications, a ticket dictionary with the following entries:
- number (integer, ticket number)
- status (string, should be either "Open" or "Closed (Fixed)")
- severity (string, "Info"|"Low"|"Medium"|"High"|"Critical")
- vulnerability_name (string)
- asset_name (string)
- asset_link (url to SC, displaying affected asset properties)
- due_date (date as string)
- owner (string, email)