Generic webhooks
Last updated 2023-03-29
Our generic webhooks integration allows you to subscribe to notifications for certain activity on the Next-Gen WAF.
Adding a webhook
- Log in to the Next-Gen WAF console.
- From the Sites menu, select a site if you have more than one site.
- From the Manage menu, select Site Integrations.
- Click Add site integration.
- Select the Generic Webhook integration.
- In the Webhook URL field, enter a URL to receive the notifications at.
- Select if you want to be alerted regarding All activity or Specific activity. If you selected Specific activity, in the Activity menu choose the activity types that you want the integration to create alerts for.
- Click Create site integration.
Notifications format
Notifications are sent with the following format:
1{2 "created": "2022-12-09T10:43:54-08:00",3 "type": "flag",4 "payload": ...,5 "link":"dashboard link to event"6}X-SigSci-Signature Header
All requests sent from the generic webhook integration contain a header called X-SigSci-Signature. The value is an HMAC-SHA256 hex digest hashed using a secret key generated when the generic webhook was created.
The key can be rotated by clicking Edit next to the generic webhook and then Rotate key in the Generic webhook integration form.
Verification is done by creating an HMAC-SHA256 hex digest of the generic webhook payload using the signing key and comparing the result to the value of the X-SigSci-Signature header.
X-SigSci-Signature Header Verification Example Code
The examples show header verification code for X-SigSci-Signature.
Go
1package main2
3import (4 "crypto/hmac"5 "crypto/sha256"6 "encoding/hex"7 "fmt"8)9
10// CheckMAC reports whether messageMAC is a valid HMAC tag for message.11func CheckMAC(message, messageMAC, key []byte) bool {12 mac := hmac.New(sha256.New, key)13 mac.Write(message)14 expectedMAC := mac.Sum(nil)15
16 return hmac.Equal(messageMAC, expectedMAC)17}18
19func main() {20 key := []byte("[insert signing key here]")21
22 h := "[insert X-SigSci-Signature value here]"23
24 json := []byte(`[insert JSON payload here]`)25
26 hash, err := hex.DecodeString(h)27 if err != nil {28 log.Fatal("ERROR: ", err)29 }30
31 ok := CheckMAC(json, hash, key)32
33 fmt.Println(ok)34}Python
1import hashlib2import hmac3
4def checkHMAC(message, messageMAC, key):5 mac = hmac.new(key, message, digestmod=hashlib.sha256).hexdigest()6
7 return mac == messageMAC8
9key = '[insert signing key here]'10
11h = '[insert X-SigSci-Signature value here]'12
13json = '[insert JSON payload here]'14
15ok = checkHMAC(json, h, key)16
17print(ok)Ruby
1require 'openssl'2require "base64"3
4key = '[insert signing key here]'5h = '[insert X-SigSci-Signature value here]'6json = '[insert JSON payload here]'7
8hash = OpenSSL::HMAC.hexdigest('sha256', key, json)9
10puts hash == hBash
1#!/bin/bash2
3function check_hmac {4 json="$1"5 messageMAC="$2"6 key="$3"7
8 result=$(echo -n "$json" | openssl dgst -sha256 -hmac "$key")9 if [ "$result" == "$messageMAC" ]10 then11 return 012 else13 return 114 fi15}16
17key='[insert key here]'18h='[insert X-SigSci-Signature value here]'19json='[insert JSON payload here]'20
21check_hmac "$json" $h $keyActivity types
| Activity type | Description | Payload |
|---|---|---|
siteDisplayNameChanged | The display name of a site was changed | |
siteNameChanged | The short name of a site was changed | |
loggingModeChanged | The agent mode (Blocking, Not Blocking, Off) was changed | Get site by name |
agentAnonModeChanged | The agent IP anonymization mode was changed | Get site by name |
flag | An IP address was flagged | Get event by ID |
expireFlag | An IP address flag was manually expired | List events |
createCustomRedaction | A custom redaction was created | Create a custom redaction |
removeCustomRedaction | A custom redaction was removed | Remove a custom redaction |
updateCustomRedaction | A custom redaction was updated | Update a custom redaction |
customTagCreated | A custom signal was created | |
customTagUpdated | A custom signal was updated | |
customTagDeleted | A custom signal was removed | |
customAlertCreated | A custom alert was created | Create a custom alert |
customAlertUpdated | A custom alert was updated | Update a custom alert |
customAlertDeleted | A custom alert was removed | Remove a custom alert |
detectionCreated | A templated rule was created | |
detectionUpdated | A templated rule was updated | |
detectionDeleted | A templated rule was removed | |
listCreated | A list was created | Create a list |
listUpdated | A list was updated | Update a list |
listDeleted | A list was removed | Remove a list |
ruleCreated | A request rule was created | |
ruleUpdated | A request rule was updated | |
ruleDeleted | A request rule was deleted | |
customDashboardCreated | A custom dashboard was created | |
customDashboardUpdated | A custom dashboard was updated | |
customDashboardReset | A custom dashboard was reset | |
customDashboardDeleted | A custom dashboard was removed | |
customDashboardWidgetCreated | A custom dashboard card was created | |
customDashboardWidgetUpdated | A custom dashboard card was updated | |
customDashboardWidgetDeleted | A custom dashboard card was removed | |
agentAlert | An agent alert was triggered |
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
