Generic webhooks
Last updated 2023-03-29
Our generic webhooks integration allows you to subscribe to notifications for certain activity on Signal Sciences.
Adding a webhook
1. From the Manage menu, select Site Integrations. The site integrations menu page appears.
2. Click Add site integration. The add site integration menu page appears.
3. Select the Generic Webhook integration. The Generic Webhook integration setup page appears.
4. In the Webhook URL field, enter the URL that should receive the notifications.
5. Select whether you want to be alerted about All activity or Specific activity.
   - If you selected Specific activity, in the Activity menu choose which types of activity you want the integration to create alerts for.
6. Click Create site integration.
Notifications format
Notifications are sent with the following format:
```json
{
  "created": "2022-12-09T10:43:54-08:00",
  "type": "flag",
  "payload": ...,
  "link": "dashboard link to event"
}
```
X-SigSci-Signature Header
All requests sent from the generic webhook integration contain a header called X-SigSci-Signature. Its value is an HMAC-SHA256 hex digest computed with a secret key that was generated when the generic webhook was created.
The key can be rotated by clicking the Edit button next to the generic webhook and then Rotate key in the Generic webhook integration form.
Verification is done by creating an HMAC-SHA256 hex digest of the generic webhook payload using the signing key and comparing the result to the value of the X-SigSci-Signature header.
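The following is an added example, not part of the original Signal Sciences documentation, of how a receiving endpoint might apply this check before acting on a notification: it verifies the signature over the raw request body bytes, compares in constant time, and only then parses the JSON. The function names, the `RejectedNotification` exception and the idea of accepting a list of keys (so a receiver can hold the previous and the new key while a rotation is in progress) are assumptions made for illustration, and the keys and body are constructed sample data.

```python
import hashlib
import hmac
import json

REQUIRED_FIELDS = ("created", "type", "payload", "link")  # from the notification format


class RejectedNotification(Exception):
    """Raised when a request must not be processed."""


def signature_is_valid(raw_body: bytes, header_value, keys) -> bool:
    """Check the X-SigSci-Signature value against raw_body for any accepted key."""
    if not header_value:
        return False
    candidate = header_value.strip().lower()
    # An HMAC-SHA256 hex digest is 64 hex characters; reject anything else early.
    if len(candidate) != 64 or any(c not in "0123456789abcdef" for c in candidate):
        return False
    valid = False
    for key in keys:
        expected = hmac.new(key, raw_body, hashlib.sha256).hexdigest()
        # Constant-time comparison; every key is tried, with no early exit.
        valid |= hmac.compare_digest(expected, candidate)
    return valid


def handle_notification(raw_body: bytes, header_value, keys) -> dict:
    """Verify first, parse second; return the notification or raise."""
    if not signature_is_valid(raw_body, header_value, keys):
        raise RejectedNotification("missing or invalid X-SigSci-Signature")
    try:
        event = json.loads(raw_body)
    except ValueError as exc:
        raise RejectedNotification("signed body is not valid JSON") from exc
    if not isinstance(event, dict) or any(f not in event for f in REQUIRED_FIELDS):
        raise RejectedNotification("signed body lacks expected fields")
    return event


# Constructed sample data: keys and body are made up for this example.
OLD_KEY, NEW_KEY = b"constructed-old-key", b"constructed-new-key"
SAMPLE_BODY = (b'{"created": "2022-12-09T10:43:54-08:00", "type": "flag", '
               b'"payload": {}, "link": "https://dashboard.example/event"}')
SAMPLE_SIG = hmac.new(NEW_KEY, SAMPLE_BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print(handle_notification(SAMPLE_BODY, SAMPLE_SIG, [OLD_KEY, NEW_KEY])["type"])
```

Pass the body exactly as received on the wire: re-serializing parsed JSON can change whitespace or key order and will no longer match the digest.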
X-SigSci-Signature Header Verification Example Code
The following examples show header verification code for X-SigSci-Signature.
Go
```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"log"
)

// CheckMAC reports whether messageMAC is a valid HMAC tag for message.
func CheckMAC(message, messageMAC, key []byte) bool {
	mac := hmac.New(sha256.New, key)
	mac.Write(message)
	expectedMAC := mac.Sum(nil)

	// hmac.Equal compares the two tags in constant time.
	return hmac.Equal(messageMAC, expectedMAC)
}

func main() {
	key := []byte("[insert signing key here]")

	h := "[insert X-SigSci-Signature value here]"

	json := []byte(`[insert JSON payload here]`)

	// The header carries a hex digest; decode it to raw bytes before comparing.
	hash, err := hex.DecodeString(h)
	if err != nil {
		log.Fatal("ERROR: ", err)
	}

	ok := CheckMAC(json, hash, key)

	fmt.Println(ok)
}
```
Python
```python
import hashlib
import hmac

def checkHMAC(message, messageMAC, key):
    # hmac.new() requires bytes for both the key and the message.
    mac = hmac.new(key.encode(), message.encode(), digestmod=hashlib.sha256).hexdigest()

    # compare_digest avoids leaking where the digests differ through timing.
    return hmac.compare_digest(mac, messageMAC)

key = '[insert signing key here]'

h = '[insert X-SigSci-Signature value here]'

json = '[insert JSON payload here]'

ok = checkHMAC(json, h, key)

print(ok)
```
Ruby
```ruby
require 'openssl'

key = '[insert signing key here]'
h = '[insert X-SigSci-Signature value here]'
json = '[insert JSON payload here]'

hash = OpenSSL::HMAC.hexdigest('sha256', key, json)

# Constant-time comparison (OpenSSL.secure_compare needs the openssl gem 2.2.0 or later).
puts OpenSSL.secure_compare(hash, h)
```
Bash
```bash
#!/bin/bash

function check_hmac {
  json="$1"
  messageMAC="$2"
  key="$3"

  # openssl prefixes the digest with a label such as "(stdin)= "; keep only the hex digest.
  result=$(printf '%s' "$json" | openssl dgst -sha256 -hmac "$key" | awk '{print $NF}')
  if [ "$result" == "$messageMAC" ]
  then
    return 0
  else
    return 1
  fi
}

key='[insert key here]'
h='[insert X-SigSci-Signature value here]'
json='[insert JSON payload here]'

# The exit status is 0 when the signature matches and 1 otherwise.
check_hmac "$json" "$h" "$key"
```
Activity types
Activity type | Description | Payload |
---|---|---|
siteDisplayNameChanged | The display name of a site was changed | |
siteNameChanged | The short name of a site was changed | |
loggingModeChanged | The agent mode (Blocking, Not Blocking, Off) was changed | Get site by name |
agentAnonModeChanged | The agent IP anonymization mode was changed | Get site by name |
flag | An IP address was flagged | Get event by ID |
expireFlag | An IP address flag was manually expired | List events |
createCustomRedaction | A custom redaction was created | Create a custom redaction |
removeCustomRedaction | A custom redaction was removed | Remove a custom redaction |
updateCustomRedaction | A custom redaction was updated | Update a custom redaction |
customTagCreated | A custom signal was created | |
customTagUpdated | A custom signal was updated | |
customTagDeleted | A custom signal was removed | |
customAlertCreated | A custom alert was created | Create a custom alert |
customAlertUpdated | A custom alert was updated | Update a custom alert |
customAlertDeleted | A custom alert was removed | Remove a custom alert |
detectionCreated | A templated rule was created | |
detectionUpdated | A templated rule was updated | |
detectionDeleted | A templated rule was removed | |
listCreated | A list was created | Create a list |
listUpdated | A list was updated | Update a list |
listDeleted | A list was removed | Remove a list |
ruleCreated | A request rule was created | |
ruleUpdated | A request rule was updated | |
ruleDeleted | A request rule was deleted | |
customDashboardCreated | A custom dashboard was created | |
customDashboardUpdated | A custom dashboard was updated | |
customDashboardReset | A custom dashboard was reset | |
customDashboardDeleted | A custom dashboard was removed | |
customDashboardWidgetCreated | A custom dashboard card was created | |
customDashboardWidgetUpdated | A custom dashboard card was updated | |
customDashboardWidgetDeleted | A custom dashboard card was removed | |
agentAlert | An agent alert was triggered | |