Generic webhooks
Last updated 2025-02-18
IMPORTANT
This feature only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. Corp integrations (account integrations) are not supported on the Essential platform.
Our generic webhooks integration allows you to subscribe to notifications for certain activity on the Next-Gen WAF.
Adding a webhook
- Log in to the Next-Gen WAF control panel.
- From the Sites menu, select a site if you have more than one site.
- From the Manage menu, select Site Integrations.
- Click Add site integration.
- Select the Generic Webhook integration.
- In the Webhook URL field, enter a URL to receive the notifications at.
- Select if you want to be alerted regarding All activity or Specific activity. If you selected Specific activity, then in the Activity menu choose the activity types that you want the integration to create alerts for.
- Click Create site integration.
Notifications format
Notifications are sent with the following format:
12345678910111213141516171819{ "created": "2024-02-09T21:08:21.31644377Z", "type": "flag", "payload": { "ID": "abcde123456789", "CorpID": "123456789abcde", "SiteID": "987654321fedcba", "Scope": "site", "Slug": "site.example", "Name": "example", "Description": "Webhook integration for Example site", "CreatedBy": "admin@example.com", "CreatedByID": "edcba987654321", "Created": "2024-02-09T21:08:21.31644377Z", "Updated": "2025-01-07T21:06:31.50725289Z", "ResourceID": "ASDFghjkl123456789" }, "link":"dashboard link to event"}X-SigSci-Signature Header
All requests sent from the generic webhook integration contain a header called X-SigSci-Signature. The value is an HMAC-SHA256 hex digest hashed using a secret key generated when the generic webhook was created.
The key can be rotated by clicking Edit next to the generic webhook and then Rotate key in the Generic webhook integration form.
Verification is done by creating an HMAC-SHA256 hex digest of the generic webhook payload using the signing key and comparing the result to the value of the X-SigSci-Signature header.
X-SigSci-Signature Header Verification Example Code
The examples show header verification code for X-SigSci-Signature.
Go
12345678910111213141516171819202122232425262728293031323334package main
import ( "crypto/hmac" "crypto/sha256" "encoding/hex" "fmt")
// CheckMAC reports whether messageMAC is a valid HMAC tag for message.func CheckMAC(message, messageMAC, key []byte) bool { mac := hmac.New(sha256.New, key) mac.Write(message) expectedMAC := mac.Sum(nil)
return hmac.Equal(messageMAC, expectedMAC)}
func main() { key := []byte("[insert signing key here]")
h := "[insert X-SigSci-Signature value here]"
json := []byte(`[insert JSON payload here]`)
hash, err := hex.DecodeString(h) if err != nil { log.Fatal("ERROR: ", err) }
ok := CheckMAC(json, hash, key)
fmt.Println(ok)}Python
1234567891011121314151617import hashlibimport hmac
def checkHMAC(message, messageMAC, key): mac = hmac.new(key, message, digestmod=hashlib.sha256).hexdigest()
return mac == messageMAC
key = '[insert signing key here]'
h = '[insert X-SigSci-Signature value here]'
json = '[insert JSON payload here]'
ok = checkHMAC(json, h, key)
print(ok)Ruby
12345678910require 'openssl'require "base64"
key = '[insert signing key here]'h = '[insert X-SigSci-Signature value here]'json = '[insert JSON payload here]'
hash = OpenSSL::HMAC.hexdigest('sha256', key, json)
puts hash == hBash
123456789101112131415161718192021#!/bin/bash
function check_hmac { json="$1" messageMAC="$2" key="$3"
result=$(echo -n "$json" | openssl dgst -sha256 -hmac "$key") if [ "$result" == "$messageMAC" ] then return 0 else return 1 fi}
key='[insert key here]'h='[insert X-SigSci-Signature value here]'json='[insert JSON payload here]'
check_hmac "$json" $h $keyActivity types
| Activity type | Description | Payload |
|---|---|---|
siteDisplayNameChanged | The display name of a site (workspace) was changed | |
siteNameChanged | The short name of a site (workspace) was changed | |
loggingModeChanged | The agent mode (Blocking, Not Blocking, Off) was changed | Get site by name |
agentAnonModeChanged | The agent IP anonymization mode was changed | Get site by name |
flag | An IP address was flagged | Get event by ID |
expireFlag | An IP address flag was manually expired | List events |
createCustomRedaction | A custom redaction was created | Create a custom redaction |
removeCustomRedaction | A custom redaction was removed | Remove a custom redaction |
updateCustomRedaction | A custom redaction was updated | Update a custom redaction |
customTagCreated | A custom signal was created | |
customTagUpdated | A custom signal was updated | |
customTagDeleted | A custom signal was removed | |
customAlertCreated | A custom alert was created | Create a custom alert |
customAlertUpdated | A custom alert was updated | Update a custom alert |
customAlertDeleted | A custom alert was removed | Remove a custom alert |
detectionCreated | A templated rule was created | |
detectionUpdated | A templated rule was updated | |
detectionDeleted | A templated rule was removed | |
listCreated | A list was created | Create a list |
listUpdated | A list was updated | Update a list |
listDeleted | A list was removed | Remove a list |
ruleCreated | A request rule was created | |
ruleUpdated | A request rule was updated | |
ruleDeleted | A request rule was deleted | |
customDashboardCreated | A custom dashboard was created | |
customDashboardUpdated | A custom dashboard was updated | |
customDashboardReset | A custom dashboard was reset | |
customDashboardDeleted | A custom dashboard was removed | |
customDashboardWidgetCreated | A custom dashboard card was created | |
customDashboardWidgetUpdated | A custom dashboard card was updated | |
customDashboardWidgetDeleted | A custom dashboard card was removed | |
agentAlert | An agent alert was triggered |
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
