...
When a policy violation is opened.
When a policy violation is resolved.
When a policy violation is closed and marked "Won't Fix".
When a network service is discovered.
Mobile Protect and API Protect
Mobile Protect and API Protect events can also be exported.
Setting up the Webhook Integration
...
Step 2: Enable Webhook Integration
Email the following information to support@datatheorem.com:
Name Of Integration (may contain letters, numbers, dashes, underscores, and spaces)
Webhook URL
Optional: HTTP Bearer Token Authorization Header Value. Example: Bearer 123456abcde
Here is a template you may use when emailing Data Theorem support to enable the webhook integration:
```
Please enable a webhook integration for <ORGANIZATION> using the following settings:
Name: <NAME FOR YOUR INTEGRATION LIKE "SPLUNK" OR "CUSTOM WEBHOOK-1">
URL: <WEBHOOK URL>
<IF USING HTTP BEARER TOKEN AUTH>
Authorization Header Value: <BEARER TOKEN>
```
You will receive a reply from Data Theorem once your integration has been enabled. Once your webhook integration is enabled, your webhook endpoint will begin receiving events in real time from Data Theorem. You can configure webhooks directly in the DevSecOps section of the portal.
Events
The format of events to be sent via the webhook integration is available at https://datatheoremdocs.atlassiansecuretheorem.netcom/wiki/spaces/PKB/pages/656310320/Webhook+Event+Message+Format?moved=trueschema/webhook_schema.json and additional sample events are available at https://docs.securetheorem.com/webhooks/overview.html.
Example Event
```json
{
  "event": {
    "type": "API_SECURE__POLICY_VIOLATION_RESOLVED",
    "data": {
      "uuid": "924f1fb0-ebaa-4dfd-9297-390c0df18b44",
      "affected_asset": {
        "uuid": "ed1d9485-5672-4db0-81aa-f8e5c96ba750",
        "name": "gumtree.com.au",
        "portal_url": "https://dev-acheron.appspot.com/api/network-services/ed1d9485-5672-4db0-81aa-f8e5c96ba750",
        "date_created": "2020-07-23T08:18:30.450602+00:00",
        "discovered_via": "WEBSITE_CRAWLER",
        "url": "https://gumtree.com.au",
        "hosted_on": "UNKNOWN",
        "type": "NETWORK_SERVICE",
        "belongs_to_asset_group": {
          "name": "CA Business Unit",
          "uuid": "8cc7e379-1c9a-47df-aad1-a129afba337a"
        },
        "cloud_console_url": null
      },
      "policy_violation_status": "RESOLVED",
      "date_created": "2021-01-19T12:04:15.714371+00:00",
      "relevance": "IMPORTANT",
      "description": "The server leverages a certificate for SSL/TLS connections that will expire in less than the configured number of days.\\n\\nIf the SSL certificate is not renewed in time, clients including browsers and mobile applications will not allow\\nconnecting to the server, and will instead display an error to the end-user stating that the connection is not secure.",
      "recommendation": "Deploy a new SSL/TLS certificate on the affected server.",
      "additional_information": null,
      "portal_url": "https://dev-acheron.appspot.com/api/inspect/policy-violations/924f1fb0-ebaa-4dfd-9297-390c0df18b44",
      "policy_name": "Data Theorem",
      "policy_uuid": "17e0e14d-e6f1-4b35-a5c0-976dbbf41436",
      "policy_portal_url": "https://dev-acheron.appspot.com/api/policy/17e0e14d-e6f1-4b35-a5c0-976dbbf41436",
      "violated_policy_rule_uuid": "471284cb-e96a-49e0-a729-674cfe18f506",
      "violated_policy_rule_type_uuid": "5c3b1f37-8509-5c6e-abed-6ee9f3497c17",
      "exception_explanation": null,
      "exception_date_created": null
    },
    "version": 1
  },
  "time": 1611733052,
  "host": "securetheorem.com"
}
```
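On the receiving side, the endpoint should check the Authorization header before trusting a delivery and validate the event envelope before indexing it. The sketch below is an added example, not Data Theorem code; the function names are hypothetical, and it assumes the configured header value is sent verbatim on every delivery, that `time` is Unix epoch seconds, and that policy-violation events carry the fields shown in the example event.

```python
import hmac
import json
from datetime import datetime, timezone

# The page's example value; in practice load this from a secret store.
EXPECTED_AUTH = "Bearer 123456abcde"

def is_authorized(header_value, expected=EXPECTED_AUTH):
    """Constant-time compare so the check does not leak how much of the token matched."""
    if not header_value:
        return False
    return hmac.compare_digest(header_value.encode(), expected.encode())

def parse_policy_violation_event(raw_body):
    """Validate the envelope of a policy-violation event; return the fields worth indexing."""
    try:
        doc = json.loads(raw_body)
        event, data = doc["event"], doc["event"]["data"]
        return {
            "type": str(event["type"]),
            "version": int(event["version"]),
            "violation_uuid": str(data["uuid"]),
            "asset": str(data["affected_asset"]["name"]),
            "status": str(data["policy_violation_status"]),
            "relevance": str(data["relevance"]),
            # Assumption: "time" is Unix epoch seconds.
            "time": datetime.fromtimestamp(doc["time"], tz=timezone.utc).isoformat(),
        }
    except (ValueError, KeyError, TypeError, OverflowError, OSError) as exc:
        raise ValueError(f"malformed webhook event: {exc!r}") from exc

def handle_delivery(headers, raw_body):
    """Return (HTTP status, parsed summary or None) for one webhook delivery."""
    if not is_authorized(headers.get("Authorization")):
        return 401, None  # reject before parsing any untrusted JSON
    try:
        return 200, parse_policy_violation_event(raw_body)
    except ValueError:
        return 400, None

# Constructed sample: the page's example event trimmed to the fields used above.
SAMPLE = json.dumps({
    "event": {"type": "API_SECURE__POLICY_VIOLATION_RESOLVED", "version": 1, "data": {
        "uuid": "924f1fb0-ebaa-4dfd-9297-390c0df18b44",
        "affected_asset": {"name": "gumtree.com.au"},
        "policy_violation_status": "RESOLVED", "relevance": "IMPORTANT"}},
    "time": 1611733052, "host": "securetheorem.com"})

if __name__ == "__main__":
    print(handle_delivery({"Authorization": EXPECTED_AUTH}, SAMPLE))
    print(handle_delivery({"Authorization": "Bearer wrong"}, SAMPLE))
```

`handle_delivery` takes a plain dict of headers; a real framework's header object is usually case-insensitive, so adapt the lookup accordingly.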
...