Using Webhook Notifications

General Structure

Alert webhook events contain the following headers:

  • X-Tcell-Event-Id: Unique ID for the webhook message.
  • X-Tcell-Event-Type: Type of the webhook message (always equal to "alert").

Their bodies are JSON objects containing the following keys:

  • alert_type: The type of alert (login-attack, new-package, etc.).
  • alert_title: A human-readable title for the alert.
  • alert_text: A human-readable summary for the alert.
  • details_url: URL for the newsfeed item associated with the alert (meant for human consumption).
  • app_id: The app-id associated with the alert.
  • event_id: Unique ID for the webhook message (identical to the X-Tcell-Event-Id header).
  • event_type: Type of the webhook message (identical to the X-Tcell-Event-Type header).
  • timestamp: ISO 8601 timestamp for the underlying event (e.g. when an IP was flagged as suspicious, or when an app was created).
  • data: Alert-type-specific data; described below.
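A receiver can check each delivery against the structure above before acting on it. The following is an added example, not code from tCell: the names `parse_alert`, `InvalidWebhook` and `seen_event_ids`, the duplicate-delivery handling, and every value in the sample delivery are assumptions made for illustration.

```python
import json
from datetime import datetime

REQUIRED_KEYS = ("alert_type", "alert_title", "alert_text", "details_url",
                 "app_id", "event_id", "event_type", "timestamp", "data")

class InvalidWebhook(ValueError):
    """A delivery that does not match the documented structure."""

def parse_alert(headers, raw_body, seen_event_ids):
    """Validate one delivery; return the body dict, or None for a duplicate."""
    hdr = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    event_id = hdr.get("x-tcell-event-id")
    if not event_id:
        raise InvalidWebhook("missing X-Tcell-Event-Id header")
    if hdr.get("x-tcell-event-type") != "alert":
        raise InvalidWebhook("X-Tcell-Event-Type is not 'alert'")
    try:
        body = json.loads(raw_body)
    except (ValueError, TypeError) as exc:
        raise InvalidWebhook("body is not valid JSON") from exc
    if not isinstance(body, dict):
        raise InvalidWebhook("body is not a JSON object")
    missing = [k for k in REQUIRED_KEYS if k not in body]
    if missing:
        raise InvalidWebhook("missing keys: " + ", ".join(missing))
    # event_id and event_type in the body must be identical to the headers.
    if body["event_id"] != event_id or body["event_type"] != "alert":
        raise InvalidWebhook("body does not match headers")
    try:
        ts = datetime.fromisoformat(str(body["timestamp"]).replace("Z", "+00:00"))
    except ValueError as exc:
        raise InvalidWebhook("timestamp is not ISO 8601") from exc
    if event_id in seen_event_ids:  # assumption: receiver tracks handled IDs
        return None
    seen_event_ids.add(event_id)
    body["timestamp"] = ts
    return body

# Constructed sample delivery (all values are made up for illustration).
SAMPLE_HEADERS = {"X-Tcell-Event-Id": "evt-0001", "X-Tcell-Event-Type": "alert"}
SAMPLE_BODY = json.dumps({
    "alert_type": "suspicious-ip", "alert_title": "Suspicious IP",
    "alert_text": "An IP was flagged as suspicious.",
    "details_url": "https://example.invalid/newsfeed/1", "app_id": "example-app",
    "event_id": "evt-0001", "event_type": "alert",
    "timestamp": "2024-01-15T10:30:00Z",
    "data": {"ip": "203.0.113.7", "cause": "login-attack"},
})
```

Calling `parse_alert(SAMPLE_HEADERS, SAMPLE_BODY, set())` returns the body with `timestamp` converted to a timezone-aware `datetime`; a second call with the same set returns `None`.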

Alert-type-specific Data

These are details we're planning to add, per alert type.

login-attack
  • ips: IPs involved in the attack
  • user_ids: users associated with the attack
  • events_url: link to login events associated with the attack (for a time interval around the alert time) (TBD)

suspicious-ip
  • ip: the IP flagged as suspicious
  • cause: 'scanning-attack' or 'login-attack'
  • events_url: link to appsensor/login events (depending on the cause) for the IP (TBD)

config/feature-changed
  • user_id: the user that changed the config (TBD)
  • old_config_url: link to the old config data (TBD)
  • new_config_url: link to the new config data (TBD)

new-package
  • name: package name
  • version: package version
  • details_url: link to the package details (TBD)

new-route
  • route_pattern: path pattern for the route
  • route_method: method name for the route
  • routes_url: link to the route details (TBD)

csp-violation
  • blocked_domain: domain for the violation
  • directive: CSP directive for the violation
  • events_url: link to CSP events matching the domain and directive (TBD)

inline-script
  • script_id: ID for the script
  • details_url: link to script details (TBD)
  • events_url: link to inline script events for the given ID (TBD)