Webhook

Webhook is a method of notifying the Customer about an event, that has occurred in the System, via messages sent over HTTPS using the TLS protocol. With the help of webhooks you can send notifications to external services and configure convenient automation in real time.

When an event occurs in the System, a POST request is sent to the URL address, specified in the Webhook URL field. The POST request is considered as accepted if response 200 is received. If no response was received, then 11 more requests will be sent, after which attempts to deliver the message will stop.

A user can receive webhooks about the following events:

• Attack
  • Start of the attack
  • End of the attack
• Anomaly
  • Start of the anomaly
  • End of the anomaly
• Certificate expiration
• BGP session shutdown

Webhook management

To manage webhooks, follow these steps:

1. Go to the Users tab.
2. Find the user for whom you need to configure webhooks and click the button. The window of editing personal data of the user opens.
3. Go to the Notification management tab.

   

Select the checkbox next to the events for which you need to receive webhooks and click Save. For more information about other notification types, see User notification management.

1. In the Webhook URL field, enter a URL address where the webhooks will be sent and click Save.

If you need to test the work of webhooks, click Test webhook. A test POST request is sent to the specified URL address. The result of the request will be displayed in the field below.

Webhooks payload

Payload of webhooks for the Attack event:

• msg_type – message type. Possible values: attack_start (start of the attack), attack_stop (end of the attack), attack_short_term (end of the short-term attack).
• attack_id – attack ID.
• attack_type – attack type in English.
• start_time – timestamp of start of the attack.
• end_time – timestamp of end of the attack. May be absent if the msg_type parameter has the attack_start value.
• resource_id – resource ID.
• resource_name – resource name in English.
• group_id – resource group ID.
• group_name – name of the resource group in English.
• attacked_ips – list of attacked IP addresses. May be absent if the resource has multiple addresses.
• max_point_values – parameter that includes the bps, bps_timestamp, pps, pps_timestamp, rps, rps_timestamp parameters.
• bps – incoming traffic in bits per second.
• bps_timestamp – timestamp when the maximum value of the bps parameter was recorded.
• pps – inbound traffic in packets per second.
• pps_timestamp – timestamp when the maximum value of the pps parameter was recorded.
• rps – incoming traffic in HTTP requests per second.
• rps_timestamp – timestamp when the maximum value of the rps parameter was recorded.

Payload of webhooks for the Anomaly event:

• msg_type – message type. Possible values: anomaly_start (start of the anomaly) and anomaly_stop (end of the anomaly).
• anomaly_id – anomaly ID.
• timestamp – timestamp of the event.
• resource_id – resource ID.
• resource_name – resource name in English.
• group_id – resource group ID.
• group_name – name of the resource group in English.
• check_name – name of the measured resource parameter.
• check_measurement – measurement unit of the resource parameter.
• max_value – maximum value of the measured parameter.
• threshold – value of the alarm threshold of the measured parameter.
• excess_percentage – exceedance of the alarm threshold of the measured parameter in percent.

Payload of the BGP session shutdown event:

• msg_type – message type. Possible value: bgp_down (BGP session shutdown).
• peer_ip – IP address of the BGP session from Customer's side.
• timestamp – timestamp of the event.
• event_id – identifier of the event.

Payload of the Certificate expiration event:

• msg_type – message type. Possible value: ssl_certificate_expires (SSL certificate expiration).
• certificate_subject – object to which the certificate is issued.
• certificate_issuer – certificate authority that issued the certificate.
• valid_not_before – start of the certificate validity period.
• valid_not_after – end of the certificate validity period.
• kdp_name – name of the certificate in the KDP system.
• kdp_resource – name of the resource to which the certificate is connected.