Skip to main content

Generic webhooks

Contrast supports a generic webhook integration to receive notifications on any URL that receives POST messages. You can add custom variables to your payload like $ApplicationName and $ServerId when a Contrast event triggers them.

A generic webhook stays connected as long as the receiving end returns any 2XX HTTP response code. If the generic webhook receives too many non-2XX response codes, it disconnects.

Connect

To connect a generic webhook:

  1. Retrieve the URL from which you want Contrast to receive notifications.

  2. In the user menu, select Organization settings > Integrations.

  3. In the Generic webhook integration option, select Connect.

  4. Name the webhook, and paste the URL in the designated field.

  5. Select the application(s) that you want to filter.

  6. In the Payload field, enter a variable. For example:

    {
       "title": "$Title",
       "message": "$Message"
    }
  7. Select Add.

To test the webhook:

  1. Go to Organization settings > Notifications.

  2. In the dropdown under Integrations, select the generic webhook name.

  3. For each Subscription (event type) you want to be notified of, click the toggle in the Integrations column.

  4. Cause an event type to occur, and confirm that you get a notification at the URL specified.

Note

If this webhook fails to return a successful response after 5 attempts, it will be disconnected. To restore the configuration, you must retest the connection and resave it.

You can configure the integration so that all Organization Administrators are notified in the Contrast application and by email when Contrast disconnects a generic webhook.

To do this, go to the same location: Organization settings > Integrations > Generic webhook > Show configurations. Select the name of the connection you want to configure. Then select the Notify on disconnect checkbox to receive notifications and click Save.

Notify on disconnect. If this webhook fails to return a successful response after 5 attempts, it will be disconnected. All organization administrators will be notified in Contrast and by email.

Generic webhook variables

You can customize your generic webhook response with data from Contrast events such as NEW_VULNERABILITYand SERVER_OFFLINE. Each event contains variables you can call in your payload request. Variables are either for general use or for an application, server or vulnerability.

Variables

Description

General variables

$EventType

The event type responsible for triggering the webhook

For example: SERVER_OFFLINE

$Message

A message summarizing the event that triggered the webhook

$OrganizationId

The unique ID Contrast assigns to an organization when it is created

$OrganizationName

The name of your organization

$Title

Always returns “Contrast Security”

Application variables

$ApplicationChild

Returns true if the application is a child application, false if not

$ApplicationCode

A secondary shorthand that appears in the title of an application, and is blank by default

For example: TEST

$ApplicationContextPath

The context path of the application

For example: /example/somethingelse

$ApplicationFirstSeen

When the application was first seen, in Unix time

For example: 1572033840000

$ApplicationHasParentApp

Returns true if the application has a parent, false if not

$ApplicationImportance

Enumerated value of the application Importance level

For example: MEDIUM

$ApplicationId

The unique ID Contrast assigns to an application when it is created

For example: 49fe2978-1833-4441-83db-2b7o486d9413

$ApplicationImportanceDescription

The importance level assigned to the application For example: Medium

$ApplicationLanguage

The programming language of the application

$ApplicationLastSeen

When the application was last seen, in Unix time For example: 1572033840000

$ApplicationLicenseLevel

Whether or not the application has an Assess license Values: Licensed, Unlicensed

$ApplicationMaster

Returns true if the application is a primary application, false if not

$ApplicationName

The name of the application

$ApplicationParentAppId

The unique ID Contrast assigns to an application when it’s created, in this case, the parent application, if it exists

For example: 49fe2978-1833-4441-83db-2b7o486d9413

$ApplicationTags

A comma separated list of the Application tags.

$ApplicationTotalModules

The number of modules your application has

Server variables

$Environment

The environment of the server For example: DEVELOPMENT or PRODUCTION

$ServerId

The ID of the server involved in the event

If more than one server is involved, this is a comma-delimited list of server IDs.

$ServerName

The name of the server involved in the event

If more than one server is involved, this is a comma-delimited list of server names

Vulnerability variables

$Severity

If this event is triggered by a vulnerability, this is the severity of the vulnerability

$Status

If this event is triggered by a vulnerability, this is the status of the vulnerability

$TraceId

If this event is triggered by a vulnerability, this is the vulnerability ID

$VulnerabilityAgentLanguage

The application language or framework name of the where the vulnerability was discovered (for example,.Java, .NET, Ruby, and so forth.)

$VulnerabilityAppVersionTags

The application versions the vulnerability is found in

For example: v1.2.3

$VulnerabilityAutoRemediatedExpirationPeriod

Auto-remediated expiration period for the vulnerability, in Unix time

For example: 1572033840000

$VulnerabilityBugTrackerTickets

A comma delimited list of tickets created when the vulnerability was sent to bugtracker

For example: ticket1, ticket2, ticket3

$VulnerabilityCategory

The category of vulnerability found For example: Injection

$VulnerabilityClosedTime

When the vulnerability was closed, in Unix time

For example: 1572033840000

$VulnerabilityConfidence

Confidence of the vulnerability

$VulnerabilityDefaultSeverity

Default severity of the vulnerability

$VulnerabilityDiscovered

When the vulnerability was first discovered, in Unix time

For example: 1572033840000

$VulnerabilityEvidence

The evidence of the vulnerability

$VulnerabilityInstanceUuid

The unique ID Contrast assigns to a vulnerability instance when it is created

For example:  R33T-N00B-TGIF-RM6P

$VulnerabilityFirstTimeSeen

When the vulnerability was first seen, in Unix time For example: 1572033840000

$VulnerabilityImpact

The impact level of the vulnerability Values: Low, Medium, High

$VulnerabilityLastTimeSeen

Last time the vulnerability was seen, in Unix time For example: 1572033840000

$VulnerabilityInstanceLastTimeSeen

Last time the vulnerability was seen, in Unix time For example: 1572033840000

$VulnerabilityLicenseLevel

License level of the vulnerability

$VulnerabilityLikelihood

The likelihood of the vulnerability

Values: Low, Medium, High

$VulnerabilityReportedToBugTracker

When the vulnerability was sent to a bugtracker, in Unix time

For example: 1572033840000

$VulnerabilityReportedToBugTrackerTime

Returns true If the vulnerability was sent to a bugtracker

$VulnerabilityRule

Rule associated with the vulnerability

$VulnerabilityRuleName

Name of the rule associated to the vulnerability

$VulnerabilityRuleTitle

Title of the rule associated to the vulnerability

$VulnerabilitySubStatus

Substatus of the vulnerability

$VulnerabilityTags

Custom tags associated with the vulnerability

For example: my-custom-tag

$VulnerabilityTitle

Title of the vulnerability

$VulnerabilitySubStatusKeyCode

Key code of the vulnerability substatus

$VulnerabilityTotalTracesReceived

Total number of times the vulnerability was received

$VulnerabilityUuid

The unique ID used to look up a vulnerability

$VulnerabilityVisible

true if the vulnerability is licensed and visible, false if not

$VulnerabilityRule

If event is triggered by a vulnerability, this is the rule that the vulnerability violated

$VulnerabilityTags

If event is triggered by a vulnerability, this is a comma-delimited list of tags associated with the vulnerability

Events and generic webhook variables

You can customize your generic webhook response with data from Contrast events such as NEW_VULNERABILITY and SERVER_OFFLINE. Each event contains general, application, server or vulnerability variables you can call in your payload request.

Event

Variables

ATTACK_END

General, Application, Server

ATTACK_EVENT_COMMENT

General, Application, Server

ATTACK_UPDATE

General, Application, Server

EXPIRING_LICENSE

General, Application

NEW_ASSET (if new application)

General, Application and Server (if new application)

NEW_ATTACK_APPLICATION

General, Application, Server

NEW_ATTACK_UPDATE

General, Application, Server

NEW_ATTACK

General, Application, Server

NEW_VULNERABILITY_COMMENT

General, Application, Server, Vulnerability

NEW_VULNERABILITY

General, Application, Server, Vulnerability

NEW_VULNERABLE_LIBRARY

General, Application

SERVER_OFFLINE

General, Server

VULNERABILITY_CHANGESTATUS_CLOSED

General, Application, Server, Vulnerability

VULNERABILITY_CHANGESTATUS_OPEN

General, Application, Server, Vulnerability

VULNERABILITY_DUPLICATE

General, Application, Server, Vulnerability