Skip to content
  • There are no suggestions because the search field is empty.

Which placeholders are available for integrations?

Placeholders are dynamic values that automatically populate fields in your integrations with data from Security Center. Use placeholders to customize notifications with asset details, vulnerability information, ticket data, and more. This gives you detailed, context-specific messages in Slack, Jira, ServiceNow, TOPdesk, Microsoft Teams, Splunk, QRadar, and other supported integrations.

What are placeholders?

Placeholders are special text codes enclosed in curly braces (for example, {asset.name}) that you insert into integration fields. When an event triggers a notification, Holm Security replaces these codes with actual data from the triggered event.

For example, if you add {vuln.severity} to a Slack message, the placeholder will be replaced with the vulnerability's actual severity level when the notification is sent.

Tip: Using placeholders allows you to create consistent, standardized notifications across all your integrations. You can reference the same vulnerability data in Slack, Jira tickets, and ServiceNow incidents without manually typing values.

Available placeholders by category

Placeholders are organized into three main categories based on the type of data they represent:

Asset placeholders

Use these placeholders to include information about the scanned asset (server, workstation, web application, etc.):

  • {asset.name} - The display name of the asset
  • {asset.hostname} - The hostname of the asset
  • {asset.ipv4} - The IPv4 address of the asset
  • {asset.ipv6} - The IPv6 address of the asset
  • {asset.type} - The asset type (e.g., Server, Workstation, Web App)
  • {asset.os} - The operating system of the asset
  • {asset.url} - The web URL of the asset (for web applications)
  • {asset.owner} - The owner of the asset as specified in Security Center
  • {asset.tags} - Any tags assigned to the asset (comma-separated)
  • {asset.business_risk} - The business risk rating of the asset
  • {asset.details} - Additional asset details
  • {asset.first_scanned} - The date the asset was first scanned
  • {asset.last_scanned} - The date the asset was most recently scanned

Ticket placeholders

Use these placeholders to include information about remediation tickets created in your integration system:

  • {ticket.url} - The direct link to the ticket in your integration system
  • {ticket.number} - The ticket ID or reference number
  • {ticket.name} - The ticket subject or title
  • {ticket.status} - The current status of the ticket (e.g., Open, In Progress, Closed)
  • {ticket.severity} - The severity level assigned to the ticket
  • {ticket.due_date} - The due date for the ticket
  • {ticket.new_ticket_subject} - The subject line when a new ticket is created
  • {ticket.owner.name} - The full name of the ticket owner
  • {ticket.owner.first_name} - The first name of the ticket owner
  • {ticket.owner.last_name} - The last name of the ticket owner
  • {ticket.owner.email} - The email address of the ticket owner

Vulnerability placeholders

Use these placeholders to include vulnerability details in your notifications:

  • {vuln.name} - The vulnerability name or title
  • {vuln.severity} - The severity level (Critical, High, Medium, Low)
  • {vuln.summary} - A brief summary of the vulnerability
  • {vuln.solution} - The recommended solution or remediation steps
  • {vuln.impact} - The potential impact if the vulnerability is exploited
  • {vuln.insight} - Additional insights about the vulnerability
  • {vuln.detection} - How the vulnerability was detected
  • {vuln.detection_result} - Detailed results from the detection scan
  • {vuln.url} - The direct link to the vulnerability details in Security Center
  • {vuln.cvss2} - The CVSS v2.0 score
  • {vuln.cvss3} - The CVSS v3.0 score
  • {vuln.cves} - Associated CVE identifiers (comma-separated)
  • {vuln.hid} - The Holm Security internal identifier
  • {vuln.exploits} - Known public exploits for this vulnerability
  • {vuln.patches} - Available patches and updates
  • {vuln.ransomware} - Whether the vulnerability is exploited by ransomware

How to use placeholders in your integrations

Follow these steps to add placeholders to your integration fields:

  1. Establish a connection - First, set up the basic connection with your integration application (Slack workspace, Jira instance, ServiceNow tenant, etc.).
  2. Navigate to integration settings - In Security Center, go to Integrations and select your integration.
  3. Click "Add another field" - This allows you to add custom mapping fields.
  4. Enter the placeholder - Type the placeholder code you want to use (for example, {vuln.severity} or {asset.owner}).
  5. Test the integration - Click Test ticket or Test connection to verify the placeholder resolves correctly with actual data.
  6. Save your settings - Click Update settings to save your configuration.

Example: Building a custom Slack message

Here's an example of how to use multiple placeholders together to create a rich Slack notification:

Example placeholder message:

*New Vulnerability Found*

*Asset:* {asset.name} ({asset.ipv4})
*Vulnerability:* {vuln.name}
*Severity:* {vuln.severity}
*CVSS Score:* {vuln.cvss3}
*Solution:* {vuln.solution}

View in Security Center: {vuln.url}

After placeholder substitution, the message might look like:

*New Vulnerability Found*

*Asset:* Web Server 01 (192.168.1.45)
*Vulnerability:* OpenSSL Remote Code Execution
*Severity:* Critical
*CVSS Score:* 9.8
*Solution:* Upgrade OpenSSL to version 1.1.1 or later

View in Security Center: https://sc.holmsecurity.com/vulnerabilities/vuln-12345

Which integrations support placeholders?

Placeholders are available for the following integrations:

Slack - Customize Slack messages with asset, ticket, and vulnerability data

Jira - Populate Jira issue fields with dynamic vulnerability and asset details

ServiceNow - Map placeholders to ServiceNow incident and change request fields

TOPdesk - Create detailed TOPdesk tickets with placeholder-driven field mapping

Microsoft Teams - Send rich Teams messages with vulnerability and asset information

Splunk - Send structured placeholder data to Splunk for security monitoring

IBM QRadar - Stream vulnerability events with full placeholder context to QRadar

Note: Not all integrations support the exact same set of placeholders. Webhook integrations typically support all placeholders listed above, while API-based integrations may have integration-specific limitations. Check the specific integration article for details.

Best practices for placeholder usage

  • Be consistent - Use the same placeholders across multiple notifications so your team can easily recognize the data format.
  • Include context - Don't just use {vuln.name} alone. Pair it with {asset.name} and {vuln.severity} so readers understand what is affected.
  • Test first - Always use the "Test ticket" or "Test connection" button to verify placeholders are working before saving your integration configuration.
  • Use meaningful labels - Add descriptive text around placeholders: "Affected Asset: {asset.name}" rather than just "{asset.name}".
  • Format for readability - For long messages, use line breaks and formatting (bold, italics) to make notifications easier to scan.
  • Avoid overloading - Don't use too many placeholders in a single message. Focus on the most relevant information (asset, vulnerability name, severity, action).

Troubleshooting placeholder issues

Placeholder is not being replaced with data

If a placeholder displays as literal text (like {vuln.name}) instead of the actual value:

  • Verify the placeholder name is spelled correctly (placeholders are case-sensitive)
  • Ensure the placeholder is wrapped in curly braces: {asset.ipv4} not asset.ipv4
  • Check that the data exists in Security Center (for example, {asset.owner} only works if the asset has an owner assigned)
  • Use the "Test ticket" button to see actual placeholder values before saving

Placeholder appears empty or blank

If a placeholder is replaced but shows no value:

  • The data may not be available for that specific asset or vulnerability. For example, {asset.owner} is empty if no owner is assigned to the asset.
  • Some placeholders (like {ticket.due_date}) only populate when a ticket is created. They won't have values in scan notifications.
  • Verify the integration has the necessary permissions to access the data in Security Center

Integration test fails with placeholder errors

If the "Test ticket" button fails:

  • Try removing the placeholder temporarily and test again to isolate the issue
  • Check the integration documentation for field requirements (some fields may not accept all data types)
  • Verify your endpoint URL or credentials are correct
  • Review the error message in Security Center for specific details

Caution: Some placeholders may contain sensitive information. Review your notification messages to ensure they comply with your organization's data security and privacy policies before sending notifications to external systems.

For more information, please contact our customer support.