Get notified with webhooks | Fluid Attacks

Get notified with webhooks

The Hooks table in the Scope section is about custom HTTP callbacks that are defined by the member (User Manager) through a URL (endpoint). These callbacks are triggered by events that occur in the group. When an event is triggered, an HTTP request is sent to the URL configured in the Hooks section, notifying that the event has occurred. It is important to note that only the selected events will be notified. Scroll down a bit to learn more about the events that are handled in this section.

Understand the Hooks table

This table displays the endpoints you have configured to receive notifications for events you are interested in. Each column is explained below.

hooks table

  • Name: Name to refer to the hook.
  • Url: The endpoint to which notification of a specific event action will be sent.
  • Token header: The header containing your token.
  • Events: The list of events selected to receive notifications when they occur in the group.

Events available for webhooks

Events refer to the actions of the platform of which you can receive notifications when they occur in your specific group. The following will explain which events you can select in the Hooks section.

  • Agent Token Expiration: This event will notify you when our agent token is about to expire.
  • Environment Removed: Notifies you when an environment is removed as a resource.
  • New group eventuality: When an event is created in the group.
  • Root added: When a new root is added as a resource.
  • Root disablement: Refers to when a root is deactivated.
  • Assigned vulnerability: A vulnerability is assigned to a specific member of the group.
  • Vulnerability created: This event refers to when a vulnerability has been created in our group.
  • Vulnerability Deleted: This occurs when a vulnerability is deleted because it was duplicated, identified as a false positive, or due to a reporting error.
  • Severity Changed: When the severity score changes.
  • Response to reattacks: Request to see the status of the reattack.

Manage your webhooks

Role required: User Manager
There are three functions available for managing webhooks in Fluid Attacks' platform:

Add a webhook

To add a webhook, follow the steps below:

  1. Click on the Add Hook button.

    Add hook

  2. You will see the Add hook information popup, where you can enter the endpoint and select the events of interest. We will explain each item below:

    Add hook info

    • Url: Refers to the URL of the endpoint of the hook where you want to receive event notifications.
    • Name: Refers to the name or alias of the hook.
    • Token header: The header containing the token for that URL. Note that this field is optional and defaults to the x-API-token value.
    • Token: The security token needed to access the URL.
    • Events: Actions specific to the group for which you wish to receive notifications. Please note that you must select at least one, or you can choose several events. The events available for webhooks are defined above.

  3. Once all the fields are filled in, click on Confirm, and the endpoint will be added.

    Hook added

Edit a webhook

This function allows you to modify the information of a specific webhook already added to the table. To perform this action, follow these steps:

  1. Select the URL you want to edit, followed by the Edit button.

    Edit hook

  2. There, you will see a popup window where you can edit the fields that compose each hook: Url, Name, Token header, Token, and the events.

    Edit info

  3. After making changes, click Confirm to save them. You will always validate that the endpoint is accessible by making a request. APPLIES TO ADD AND EDIT.

Remove a webhook

To remove a URL that is no longer of interest to you, we suggest you follow the steps below:

  1. To remove a URL, choose the one you want to get rid of and then click on the Remove button.

    Remove hook

  2. A confirmation window will pop up asking if you want to delete the hook.

    Remove action

  3. When you click on the Confirm button, the URL will be removed from the hooks table.

Error messages

When you add or edit a webhook on our platform, specific validations are applied. Keep these validations in mind when performing these actions. Below, we explain them to you:

  • Invalid data: This validation checks that the URL and the token are valid.
  • Duplicated: This error occurs when attempting to add a URL that already exists.
  • Unreached Host: Indicates that the host URL was not found.
  • Not Found: Indicates that the hook has not been found, or you do not have permission to access it.