Generic webhooks

Contrast supports a generic webhook integration to receive notifications on any URL that receives POST messages. You can add custom variables to your payload like $ApplicationName and $ServerId when a Contrast event triggers them.

Connect

To connect a generic webhook:

  1. Retrieve the URL from which you want Contrast to receive notifications.

  2. In the user menu, select Organization settings > Integrations.

  3. In the Generic webhook integration option, select Connect.

  4. Name the webhook, and paste the URL in the designated field.

  5. Select the application(s) that you want to filter.

  6. In the Payload field, enter a variable. For example:

    {
        'title': $Title,
        'message': $Message
    }
  7. Select Save.

Note

If this webhook fails to return a successful response after 5 attempts, it will be disconnected. To restore the configuration, you must retest the connection and resave it.

You can configure the integration so that all Organization Administrators are notified in the Contrast application and by email when Contrast disconnects a generic webhook.

To do this, go to the same location: Organization settings > Integrations > Generic webhook > Show configurations. Select the name of the connection you want to configure. Then select the box to receive notifications and click Save.

Notify on disconnect. If this webhook fails to return a successful response after 5 attempts, it will be disconnected. All organization administrators will be notified in Contrast and by email.

Events and generic webhook variables

You can customize your generic webhook response with data from Contrast events such as NEW_VULNERABILITY and SERVER_OFFLINE. Each event contains general, application, server or vulnerability variables you can call in your payload request.

Event

Variables

ATTACK_END

General, Application, Server

ATTACK_EVENT_COMMENT

General, Application, Server

ATTACK_UPDATE

General, Application, Server

EXPIRING_LICENSE

General, Application

NEW_ASSET (if new application)

General, Application and Server (if new application)

NEW_ATTACK_APPLICATION

General, Application, Server

NEW_ATTACK_UPDATE

General, Application, Server

NEW_ATTACK

General, Application, Server

NEW_VULNERABILITY_COMMENT

General, Application, Server, Vulnerability

NEW_VULNERABILITY

General, Application, Server, Vulnerability

NEW_VULNERABLE_LIBRARY

General, Application

SERVER_OFFLINE

General, Server

VULNERABILITY_CHANGESTATUS_CLOSED

General, Application, Server, Vulnerability

VULNERABILITY_CHANGESTATUS_OPEN

General, Application, Server, Vulnerability

VULNERABILITY_DUPLICATE

General, Application, Server, Vulnerability