Configure a webhook

To add a webhook, you will be asked to provide:
  • the endpoint URL
  • which event you want to send
Once the webhook is created, we will give you the signature key that you can use to verify the webhook's authenticity.
Webhooks are shared across all users of an organization.

Webhook format

Our webhook payloads are in JSON format and all follow the same structure:
  • event: the event name
  • timestamp: timestamp of when the webhook was sent
  • data: an object containing properties that describe the event

Vulnerability Created

"data":{
      "pubkey": public key of the vulnerability - **string**
      "creator": email of the user that detected the vulnerability - **string**
      "rule_id": scanner_id of the rule - **string**
      "resource_path": path of the resource affected - **string**
      "created_at": vulnerability detection date - **timestamp**
      }

Vulnerability Remediated

"data":{
      "pubkey": public key of the vulnerability - **string**
      "creator": email of the user that detected the vulnerability - **string**
      "rule_id": scanner_id of the rule - **string**
      "resource_path": path of the resource affected - **string**
      "remediated_at": vulnerability remediation date - **timestamp**
      }

Training Completed

"data":{
      "started_at": when the user has started the training - **timestamp**
      "completed_at": when the user has completed the training - **timestamp**
      "user": email address of the user - **string**
      "training": name of the training - **string**
      "score": score of the user - **int**
   }

Verify webhooks

You can verify the authenticity of a Symbiotic webhook you receive using the signature key available in your Symbiotic account and the symbioticsec_signature header. The signature is calculated using the following code on our side:
import hashlib
import hmac
import json

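def generate_signature(signing_secret: str, payload: dict) -> str:
    # The signing secret is a hex string; it is decoded to raw bytes for the HMAC key.
    # The payload is serialized canonically (sorted keys, no whitespace) before
    # HMAC-SHA256 is applied, and the result is returned as a hex digest.
    return hmac.new(
        bytes.fromhex(signing_secret),
        json.dumps(payload, sort_keys=True, separators=(",", ":")).encode(),
        hashlib.sha256,
    ).hexdigest()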
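
On the receiving side, the check could look like the following. This is an added example, not Symbiotic's own code: verify_webhook and the sample secret, body and event name are constructed for illustration, and it assumes the symbioticsec_signature header carries the hex digest as-is. Because the signature covers the canonical serialization rather than the raw bytes, the body is parsed and re-serialized before comparison.

```python
import hashlib
import hmac
import json
from typing import Optional


def generate_signature(signing_secret: str, payload: dict) -> str:
    # Same computation as the sender-side code shown on this page.
    return hmac.new(
        bytes.fromhex(signing_secret),
        json.dumps(payload, sort_keys=True, separators=(",", ":")).encode(),
        hashlib.sha256,
    ).hexdigest()


def verify_webhook(signing_secret: str, raw_body: bytes,
                   signature_header: Optional[str]) -> Optional[dict]:
    """Return the parsed payload if the signature matches, else None."""
    if not signature_header:
        return None  # unsigned request: reject
    try:
        payload = json.loads(raw_body)
    except (ValueError, UnicodeDecodeError):
        return None  # body is not valid JSON
    if not isinstance(payload, dict):
        return None  # every documented payload is a JSON object
    expected = generate_signature(signing_secret, payload)
    received = signature_header.strip().lower()
    # Constant-time comparison; bytes are used so a non-ASCII header cannot raise.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None
    return payload


# Constructed sample values, not a real key or a real event.
SAMPLE_SECRET = "00112233445566778899aabbccddeeff"
SAMPLE_BODY = (b'{"timestamp": 1700000000, "event": "training_completed", '
               b'"data": {"user": "dev@example.com", "score": 90}}')
SAMPLE_SIGNATURE = generate_signature(SAMPLE_SECRET, json.loads(SAMPLE_BODY))

if __name__ == "__main__":
    print(verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_SIGNATURE))
```

Only act on the payload returned by the verification function; a None result means the request should be rejected without further processing.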