Skip to main content

Generic webhook variables

You can customize your generic webhook response with data from Contrast events such as NEW_VULNERABILITYand SERVER_OFFLINE. Each event contains variables you can call in your payload request. Variables are either for general use or for an application, server or vulnerability.

Variables

Description

General variables

$EventType

The event type responsible for triggering the webhook

For example: SERVER_OFFLINE

$Message

A message summarizing the event that triggered the webhook

$OrganizationId

The unique ID Contrast assigns to an organization when it is created

$OrganizationName

The name of your organization

$Title

Always returns “Contrast Security”

Application variables

$ApplicationChild

Returns true if the application is a child application, false if not

$ApplicationCode

A secondary shorthand that appears in the title of an application, and is blank by default

For example: TEST

$ApplicationContextPath

The context path of the application

For example: /example/somethingelse

$ApplicationFirstSeen

When the application was first seen, in Unix time

For example: 1572033840000

$ApplicationHasParentApp

Returns true if the application has a parent, false if not

$ApplicationImportance

Enumerated value of the application Importance level

For example: MEDIUM

$ApplicationId

The unique ID Contrast assigns to an application when it is created

For example: 49fe2978-1833-4441-83db-2b7o486d9413

$ApplicationImportanceDescription

The importance level assigned to the application For example: Medium

$ApplicationLanguage

The programming language of the application

$ApplicationLastSeen

When the application was last seen, in Unix time For example: 1572033840000

$ApplicationLicenseLevel

Whether or not the application has an Assess license Values: Licensed, Unlicensed

$ApplicationMaster

Returns true if the application is a primary application, false if not

$ApplicationName

The name of the application

$ApplicationParentAppId

The unique ID Contrast assigns to an application when it’s created, in this case, the parent application, if it exists

For example: 49fe2978-1833-4441-83db-2b7o486d9413

$ApplicationTags

A comma separated list of the Application tags.

$ApplicationTotalModules

The number of modules your application has

Server variables

$Environment

The environment of the server For example: DEVELOPMENT or PRODUCTION

$ServerId

The ID of the server involved in the event

If more than one server is involved, this is a comma-delimited list of server IDs.

$ServerName

The name of the server involved in the event

If more than one server is involved, this is a comma-delimited list of server names

Vulnerability variables

$Severity

If this event is triggered by a vulnerability, this is the severity of the vulnerability

$Status

If this event is triggered by a vulnerability, this is the status of the vulnerability

$TraceId

If this event is triggered by a vulnerability, this is the vulnerability ID

$VulnerabilityAgentLanguage

The application language or framework name of the where the vulnerability was discovered (for example,.Java, .NET, Ruby, and so forth.)

$VulnerabilityAppVersionTags

The application versions the vulnerability is found in

For example: v1.2.3

$VulnerabilityAutoRemediatedExpirationPeriod

Auto-remediated expiration period for the vulnerability, in Unix time

For example: 1572033840000

$VulnerabilityBugTrackerTickets

A comma delimited list of tickets created when the vulnerability was sent to bugtracker

For example: ticket1, ticket2, ticket3

$VulnerabilityCategory

The category of vulnerability found For example: Injection

$VulnerabilityClosedTime

When the vulnerability was closed, in Unix time

For example: 1572033840000

$VulnerabilityConfidence

Confidence of the vulnerability

$VulnerabilityDefaultSeverity

Default severity of the vulnerability

$VulnerabilityDiscovered

When the vulnerability was first discovered, in Unix time

For example: 1572033840000

$VulnerabilityEvidence

The evidence of the vulnerability

$VulnerabilityInstanceUuid

The unique ID Contrast assigns to a vulnerability instance when it is created

For example:  R33T-N00B-TGIF-RM6P

$VulnerabilityFirstTimeSeen

When the vulnerability was first seen, in Unix time For example: 1572033840000

$VulnerabilityImpact

The impact level of the vulnerability Values: Low, Medium, High

$VulnerabilityLastTimeSeen

Last time the vulnerability was seen, in Unix time For example: 1572033840000

$VulnerabilityInstanceLastTimeSeen

Last time the vulnerability was seen, in Unix time For example: 1572033840000

$VulnerabilityLicenseLevel

License level of the vulnerability

$VulnerabilityLikelihood

The likelihood of the vulnerability

Values: Low, Medium, High

$VulnerabilityReportedToBugTracker

When the vulnerability was sent to a bugtracker, in Unix time

For example: 1572033840000

$VulnerabilityReportedToBugTrackerTime

Returns true If the vulnerability was sent to a bugtracker

$VulnerabilityRule

Rule associated with the vulnerability

$VulnerabilityRuleName

Name of the rule associated to the vulnerability

$VulnerabilityRuleTitle

Title of the rule associated to the vulnerability

$VulnerabilitySubStatus

Substatus of the vulnerability

$VulnerabilityTags

Custom tags associated with the vulnerability

For example: my-custom-tag

$VulnerabilityTitle

Title of the vulnerability

$VulnerabilitySubStatusKeyCode

Key code of the vulnerability substatus

$VulnerabilityTotalTracesReceived

Total number of times the vulnerability was received

$VulnerabilityUuid

The unique ID used to look up a vulnerability

$VulnerabilityVisible

true if the vulnerability is licensed and visible, false if not

$VulnerabilityRule

If event is triggered by a vulnerability, this is the rule that the vulnerability violated

$VulnerabilityTags

If event is triggered by a vulnerability, this is a comma-delimited list of tags associated with the vulnerability

In this section: