Generic webhooks

  Last updated 2023-03-29

IMPORTANT

This feature only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. Corp integrations (account integrations) are not supported on the Essential platform.

Our generic webhooks integration allows you to subscribe to notifications for certain activity on the Next-Gen WAF.

Adding a webhook

  1. Log in to the Next-Gen WAF control panel.
  2. From the Sites menu, select a site if you have more than one site.
  3. From the Manage menu, select Site Integrations.
  4. Click Add site integration.
  5. Select the Generic Webhook integration.
  6. In the Webhook URL field, enter a URL to receive the notifications at.
  7. Select if you want to be alerted regarding All activity or Specific activity. If you selected Specific activity, then in the Activity menu choose the activity types that you want the integration to create alerts for.
  8. Click Create site integration.

Notifications format

Notifications are sent with the following format:

1
2
3
4
5
6
{
  "created": "2022-12-09T10:43:54-08:00",
  "type": "flag",
  "payload": ...,
  "link":"dashboard link to event"
}

X-SigSci-Signature Header

All requests sent from the generic webhook integration contain a header called X-SigSci-Signature. The value is an HMAC-SHA256 hex digest hashed using a secret key generated when the generic webhook was created.

The key can be rotated by clicking Edit next to the generic webhook and then Rotate key in the Generic webhook integration form.

Verification is done by creating an HMAC-SHA256 hex digest of the generic webhook payload using the signing key and comparing the result to the value of the X-SigSci-Signature header.

X-SigSci-Signature Header Verification Example Code

The examples show header verification code for X-SigSci-Signature.

Go

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
package main


import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/hex"
    "fmt"
)


// CheckMAC reports whether messageMAC is a valid HMAC tag for message.
func CheckMAC(message, messageMAC, key []byte) bool {
    mac := hmac.New(sha256.New, key)
    mac.Write(message)
    expectedMAC := mac.Sum(nil)


    return hmac.Equal(messageMAC, expectedMAC)
}


func main() {
    key := []byte("[insert signing key here]")


    h := "[insert X-SigSci-Signature value here]"


    json := []byte(`[insert JSON payload here]`)


    hash, err := hex.DecodeString(h)
    if err != nil {
        log.Fatal("ERROR: ", err)
    }


    ok := CheckMAC(json, hash, key)


    fmt.Println(ok)
}

Python

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
import hashlib
import hmac


def checkHMAC(message, messageMAC, key):
    mac = hmac.new(key, message, digestmod=hashlib.sha256).hexdigest()


    return mac == messageMAC


key = '[insert signing key here]'


h = '[insert X-SigSci-Signature value here]'


json = '[insert JSON payload here]'


ok = checkHMAC(json, h, key)


print(ok)

Ruby

1
2
3
4
5
6
7
8
9
10
require 'openssl'
require "base64"


key = '[insert signing key here]'
h = '[insert X-SigSci-Signature value here]'
json = '[insert JSON payload here]'


hash  = OpenSSL::HMAC.hexdigest('sha256', key, json)


puts hash == h

Bash

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#!/bin/bash


function check_hmac {
  json="$1"
  messageMAC="$2"
  key="$3"


  result=$(echo -n "$json" | openssl dgst -sha256 -hmac "$key")
  if [ "$result" == "$messageMAC" ]
  then
          return 0
  else
          return 1
  fi
}


key='[insert key here]'
h='[insert X-SigSci-Signature value here]'
json='[insert JSON payload here]'


check_hmac "$json" $h $key

Activity types

Activity typeDescriptionPayload
siteDisplayNameChangedThe display name of a site (workspace) was changed
siteNameChangedThe short name of a site (workspace) was changed
loggingModeChangedThe agent mode (Blocking, Not Blocking, Off) was changedGet site by name
agentAnonModeChangedThe agent IP anonymization mode was changedGet site by name
flagAn IP address was flaggedGet event by ID
expireFlagAn IP address flag was manually expiredList events
createCustomRedactionA custom redaction was createdCreate a custom redaction
removeCustomRedactionA custom redaction was removedRemove a custom redaction
updateCustomRedactionA custom redaction was updatedUpdate a custom redaction
customTagCreatedA custom signal was created
customTagUpdatedA custom signal was updated
customTagDeletedA custom signal was removed
customAlertCreatedA custom alert was createdCreate a custom alert
customAlertUpdatedA custom alert was updatedUpdate a custom alert
customAlertDeletedA custom alert was removedRemove a custom alert
detectionCreatedA templated rule was created
detectionUpdatedA templated rule was updated
detectionDeletedA templated rule was removed
listCreatedA list was createdCreate a list
listUpdatedA list was updatedUpdate a list
listDeletedA list was removedRemove a list
ruleCreatedA request rule was created
ruleUpdatedA request rule was updated
ruleDeletedA request rule was deleted
customDashboardCreatedA custom dashboard was created
customDashboardUpdatedA custom dashboard was updated
customDashboardResetA custom dashboard was reset
customDashboardDeletedA custom dashboard was removed
customDashboardWidgetCreatedA custom dashboard card was created
customDashboardWidgetUpdatedA custom dashboard card was updated
customDashboardWidgetDeletedA custom dashboard card was removed
agentAlertAn agent alert was triggered
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fastly
© Fastly 2024