Generic webhooks

Our generic webhooks integration allows you to subscribe to notifications for certain activity on the Next-Gen WAF.

Adding a webhook

  1. From the Manage menu, select Site Integrations.
  2. Click Add site integration.
  3. Select the Generic Webhook integration.
  4. In the Webhook URL field, enter the URL that should receive the notifications.
  5. Select whether you want to be alerted about All activity or Specific activity. If you selected Specific activity, use the Activity menu to choose the activity types that the integration should create alerts for.
  6. Click Create site integration.

Notifications format

Notifications are sent with the following format:

{
  "created": "2022-12-09T10:43:54-08:00",
  "type": "flag",
  "payload": ...,
  "link": "dashboard link to event"
}

X-SigSci-Signature Header

All requests sent from the generic webhook integration contain a header called X-SigSci-Signature. Its value is an HMAC-SHA256 hex digest computed with a secret signing key that is generated when the generic webhook is created.

The key can be rotated by clicking Edit next to the generic webhook and then Rotate key in the Generic webhook integration form.

Verification is done by creating an HMAC-SHA256 hex digest of the generic webhook payload using the signing key and comparing the result to the value of the X-SigSci-Signature header.
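The following receiver is an added example, not part of the vendor documentation: it applies this check to the raw request body before any JSON parsing, so a forged or altered delivery is rejected without being interpreted. The key value, listen address, 1 MiB body cap, response status codes and the names verify_and_parse and WebhookHandler are assumptions of the example.

```python
import hashlib
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

SIGNING_KEY = b"constructed-example-key"  # placeholder; load the real key from a secret store
MAX_BODY = 1 << 20  # 1 MiB cap on accepted bodies (assumption, not a documented limit)


def verify_and_parse(raw_body, signature, key):
    """Return (http_status, notification); notification is None when the delivery is rejected."""
    try:
        claimed = bytes.fromhex(signature or "")
    except ValueError:
        return 401, None  # header value is not hex
    # HMAC over the exact bytes received, never over re-serialized JSON.
    expected = hmac.new(key, raw_body, hashlib.sha256).digest()
    if not hmac.compare_digest(claimed, expected):
        return 401, None  # missing, truncated or wrong signature
    try:
        note = json.loads(raw_body)
    except ValueError:
        return 400, None  # authentic but not valid JSON
    if not isinstance(note, dict) or "type" not in note:
        return 400, None
    return 204, note


class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        cl = self.headers.get("Content-Length", "")
        length = int(cl) if cl.isdecimal() else MAX_BODY + 1
        if length > MAX_BODY:  # oversized, missing or malformed length
            self.send_response(413)
            self.end_headers()
            return
        body = self.rfile.read(length)
        status, note = verify_and_parse(body, self.headers.get("X-SigSci-Signature"), SIGNING_KEY)
        if note is not None:
            print(note["type"], note.get("link"))  # hand off to real processing here
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```

Parsing the body and serializing it again before hashing changes whitespace and key order, so the digest must always be computed over the bytes as they arrived.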

X-SigSci-Signature Header Verification Example Code

The following examples show how to verify the X-SigSci-Signature header.

Go

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"log"
)

// CheckMAC reports whether messageMAC is a valid HMAC tag for message.
func CheckMAC(message, messageMAC, key []byte) bool {
	mac := hmac.New(sha256.New, key)
	mac.Write(message)
	expectedMAC := mac.Sum(nil)

	// hmac.Equal compares in constant time.
	return hmac.Equal(messageMAC, expectedMAC)
}

func main() {
	key := []byte("[insert signing key here]")

	h := "[insert X-SigSci-Signature value here]"

	json := []byte(`[insert JSON payload here]`)

	// The header carries the digest as hex; decode it to raw bytes first.
	hash, err := hex.DecodeString(h)
	if err != nil {
		log.Fatal("ERROR: ", err)
	}

	ok := CheckMAC(json, hash, key)

	fmt.Println(ok)
}

Python

import hashlib
import hmac

def checkHMAC(message, messageMAC, key):
    # hmac.new() requires bytes for both the key and the message.
    mac = hmac.new(key, message, digestmod=hashlib.sha256).hexdigest()

    # Compare in constant time instead of with ==.
    return hmac.compare_digest(mac, messageMAC)

key = b'[insert signing key here]'

h = '[insert X-SigSci-Signature value here]'

json = b'[insert JSON payload here]'

ok = checkHMAC(json, h, key)

print(ok)

Ruby

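require 'openssl'

key = '[insert signing key here]'
h = '[insert X-SigSci-Signature value here]'
json = '[insert JSON payload here]'

# Hex-encoded HMAC-SHA256 of the payload, computed with the signing key.
hash = OpenSSL::HMAC.hexdigest('sha256', key, json)

# Constant-time comparison (requires the openssl gem 2.2 or later).
puts OpenSSL.secure_compare(hash, h)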

Bash

#!/bin/bash

function check_hmac {
  json="$1"
  messageMAC="$2"
  key="$3"

  # openssl prefixes the digest with a label such as "(stdin)= "; keep only the hex digest.
  result=$(printf '%s' "$json" | openssl dgst -sha256 -hmac "$key" | awk '{print $NF}')
  if [ "$result" == "$messageMAC" ]
  then
    return 0
  else
    return 1
  fi
}

key='[insert key here]'
h='[insert X-SigSci-Signature value here]'
json='[insert JSON payload here]'

check_hmac "$json" "$h" "$key"

Activity types

| Activity type | Description | Payload |
|---|---|---|
| siteDisplayNameChanged | The display name of a site was changed | |
| siteNameChanged | The short name of a site was changed | |
| loggingModeChanged | The agent mode (Blocking, Not Blocking, Off) was changed | Get site by name |
| agentAnonModeChanged | The agent IP anonymization mode was changed | Get site by name |
| flag | An IP address was flagged | Get event by ID |
| expireFlag | An IP address flag was manually expired | List events |
| createCustomRedaction | A custom redaction was created | Create a custom redaction |
| removeCustomRedaction | A custom redaction was removed | Remove a custom redaction |
| updateCustomRedaction | A custom redaction was updated | Update a custom redaction |
| customTagCreated | A custom signal was created | |
| customTagUpdated | A custom signal was updated | |
| customTagDeleted | A custom signal was removed | |
| customAlertCreated | A custom alert was created | Create a custom alert |
| customAlertUpdated | A custom alert was updated | Update a custom alert |
| customAlertDeleted | A custom alert was removed | Remove a custom alert |
| detectionCreated | A templated rule was created | |
| detectionUpdated | A templated rule was updated | |
| detectionDeleted | A templated rule was removed | |
| listCreated | A list was created | Create a list |
| listUpdated | A list was updated | Update a list |
| listDeleted | A list was removed | Remove a list |
| ruleCreated | A request rule was created | |
| ruleUpdated | A request rule was updated | |
| ruleDeleted | A request rule was deleted | |
| customDashboardCreated | A custom dashboard was created | |
| customDashboardUpdated | A custom dashboard was updated | |
| customDashboardReset | A custom dashboard was reset | |
| customDashboardDeleted | A custom dashboard was removed | |
| customDashboardWidgetCreated | A custom dashboard card was created | |
| customDashboardWidgetUpdated | A custom dashboard card was updated | |
| customDashboardWidgetDeleted | A custom dashboard card was removed | |
| agentAlert | An agent alert was triggered | |