Get notified with webhooks

Last updated: December 30, 2025

Fluid Attacks’ webhooks are not compatible with Google Chat and Slack.

The Fluid Attacks platform allows creating custom HTTP callbacks that are defined by Group Managers through a URL (endpoint). These callbacks are triggered by events that occur in the group. When an event is triggered, an HTTP request is sent to the URL configured in the platform’s Integrations section, notifying that the event has occurred. It is important to note that only the notifications informing of the selected events are sent.

To start setting up webhooks for a group or learn about existing ones, go to your organization’s Integrations section, locate Webhooks under Others, and click on the gear icon.

Locate webhooks option on the Fluid Attacks platform

Notice that the Webhooks card displays how many of the groups you have access to have this integration configured.

In the pop-up window, you can see the groups you have access to. If one or more webhooks have already been defined for a group, you see the Edit button. Otherwise, you see the Connect button. Either button opens a pop-up window with a table, which is explained below on this page.

Manage webhooks integration on the Fluid Attacks platform

Understand the Add hooks table

The table in the Add hooks pop-up window displays the endpoints you have configured to receive notifications for events you are interested in. Each column is explained below.

Open the Add hooks table on the Fluid Attacks platform

Name: Name to refer to the webhook
URL: The designated endpoint to which notifications are transmitted upon the occurrence of a specified event action
Token header: The header containing your token for the URL
Events: The list of events for which notifications are sent when they occur in the group

Events available for webhooks

Events refer to the actions of the platform for which you can receive notifications when they occur in your specific group. The following are the events for which you can set up webhooks:

AGENT_TOKEN_EXPIRATION: The CI Gate token is about to expire
CONFIRMED_ZERO_RISK: Fluid Attacks confirms that a vulnerability poses zero risk , agreeing with your organization’s posture
ENVIRONMENT_REMOVED: An environment is removed from the Scope section
EVENT_CLOSED: An event is verified as solved in the group
EVENT_CREATED: An event is created in the group
ROOT_CREATED: A new root is added in the Scope section
ROOT_DISABLED: A root is deactivated
VULNERABILITY_ASSIGNED: A vulnerability is assigned to a member of the group
VULNERABILITY_CLOSED: A vulnerability’s status changes from “Open” to “Closed”
VULNERABILITY_CREATED: A vulnerability is reported to the group
VULNERABILITY_DELETED: A vulnerability is deleted due to the realization of a reporting error, or because it was a duplicate or identified as a false positive
VULNERABILITY_SEVERITY_CHANGED: The severity score is changed
VULNERABILITY_VERIFIED: A request is sent to see the status of the reattack

Information on each event

When an event is triggered, an HTTP request is sent to the specified URL with the following body structure:


{
  "group": "group_name",
  "event": "event",
  "info": {}
}

These are the definitions of what is sent:

group: The group in which the event occurred
event: The specific event that triggered the webhook
info: An object containing additional details about the event (the structure of the info object varies depending on the event type)

The following table shows the details of the info object for different events:

Event	info object
AGENT_TOKEN_EXPIRATION	`{ "group_data": { "org_name", "exp_date", } }`
CONFIRMED_ZERO_RISK	`{ "vulnerability_id", }`
ENVIRONMENT_REMOVED	`{ "url_id", "root_id", }`
EVENT_CLOSED	`{ "event_id", }`
EVENT_CREATED	`{ "event_id", }`
ROOT_CREATED	`{ "type", "root_id", }`
ROOT_DISABLED	`{ "root_id", }`
VULNERABILITY_ASSIGNED	`{ "vulnerabilities", "finding_id", "responsible", }`
VULNERABILITY_CLOSED	`{ "vulnerability_id", }`
VULNERABILITY_CREATED	`{ "finding_id", "finding_title", "group_name", "severity_score", "severity_score_v4", "vulnerability_id", "vulnerability_specific", "vulnerability_where", }`
VULNERABILITY_DELETED	`{ "finding_id", }`
VULNERABILITY_SEVERITY_CHANGED	`{ "finding_id", "vulns_id", }`
VULNERABILITY_VERIFIED	`{}`

Manage your webhooks

Role required : Group Manager

There are three functions available for managing webhooks in Fluid Attacks’ platform:

Add a webhook

To add a webhook, follow the steps below:

Access your organization’s Integrations section, click on the gear in the Webhooks card and then on the option next to the group for which you wish to set up the webhook.
Click on the Add webhook button.
Fill out the Add webhook information pop-up window. The fields are explained below the screenshot.

URL: The URL of the endpoint of the hook where you want to receive event notifications
Name: The name or alias of the webhook
Token header: The header containing the token for that URL (this field is optional and defaults to the x-api-key value)
Token: The security token needed to access the URL
Events: Actions specific to the group for which you wish to receive notifications (select at least one; see the definitions of events available for webhooks above)

Once all the fields are filled out, click on Confirm. It is advisable to validate that the endpoint is accessible by making a request.

Edit a webhook

To modify the information of a specific webhook already created for a group, follow these steps:

Access your organization’s Integrations section, click on the gear in the Webhooks card and then on the option next to the group for which you wish to modify a webhook.
Select the webhook and then click the Edit button.
In the new pop-up window, modify the configuration of the webhook as needed. (Read the descriptions of these fields from the instructions to add a webhook .)
After making changes, click Confirm to save them. It is advisable to validate that the endpoint is accessible by making a request.

Remove a webhook

To remove a webhook that is no longer of interest to you, follow these steps:

Access your organization’s Integrations section, click on the gear in the Webhooks card and then on the option next to the group for which you wish to delete a webhook.
Choose the webhook and then click on the Remove button.
A confirmation window pops up asking you to confirm that you want to delete the webhook. Upon clicking Confirm, the webhook is removed from the table.

Error messages

When you add or edit a webhook on Fluid Attacks’ platform, the webhook is subjected to specific validations. You have to keep these validations in mind when performing those actions.

If your webhook does not pass one or more checks, you get the corresponding error message(s). The following are the error messages you may get:

Invalid data: The URL and/or the token are not valid.
Duplicated: You attempted to add a URL that already exists.
Unreached host: The host URL was not found.
Not found: The hook has not been found, or you do not have permission to access it.

Search for vulnerabilities in your apps for free with Fluid Attacks’ automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan . If you prefer the Advanced plan, which includes the expertise of Fluid Attacks’ hacking team, fill out this contact form .