To add a webhook, you will be asked for:
- the endpoint URL
- which event you want to send
Once the webhook is created, we will give you the signature key that you can use to verify the webhook's authenticity.
Webhooks are shared across all users of an organization.
Our webhook payloads are in JSON format and all follow the same structure:
- event: the event name
- timestamp: timestamp of when the webhook was sent
- data: an object containing properties to describe the event
Vulnerability Created
"data":{
"pubkey": public key of the vulnerability - **string**
"creator": email of the user that detected the vulnerability - **string**
"rule_id": scanner_id of the rule - **string**
"resource_path": path of the resource affected - **string**
"created_at": vulnerability detection date - **timestamp**
}
"data":{
"pubkey": public key of the vulnerability - **string**
"creator": email of the user that detected the vulnerability - **string**
"rule_id": scanner_id of the rule - **string**
"resource_path": path of the resource affected - **string**
"remediated_at": vulnerability remediation date - **timestamp**
}
Training Completed
"data":{
"started_at": when the user has started the training - **timestamp**
"completed_at": when the user has completed the training - **timestamp**
"user": email address of the user - **string**
"training": name of the training - **string**
"score": score of the user - **int**
}
Verify webhooks
You can verify the authenticity of a Symbiotic webhook you receive using the signature key available in your Symbiotic account and the header symbioticsec_signature.
The signature is calculated on our side using the following code:
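```python
import hashlib
import hmac
import json


def generate_signature(signing_secret: str, payload: dict) -> str:
    # The signing secret is a hex string; the payload is serialized with
    # sorted keys and no whitespace before HMAC-SHA256 is applied.
    return hmac.new(
        bytes.fromhex(signing_secret),
        json.dumps(payload, sort_keys=True, separators=(",", ":")).encode(),
        hashlib.sha256,
    ).hexdigest()
```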
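Receiver-side verification, as an added example that is not Symbiotic's own code: it recomputes the signature with the same serialization and compares it to the symbioticsec_signature header in constant time. It assumes the signed payload is the whole JSON body and that the header carries the hex digest; `verify_webhook`, the sample secret, the event name and the field values are constructed for illustration.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "symbioticsec_signature"  # header name given on this page


def generate_signature(signing_secret: str, payload: dict) -> str:
    # Same computation as the sender-side code shown on this page.
    return hmac.new(
        bytes.fromhex(signing_secret),
        json.dumps(payload, sort_keys=True, separators=(",", ":")).encode(),
        hashlib.sha256,
    ).hexdigest()


def verify_webhook(signing_secret: str, headers: dict, raw_body: bytes):
    """Return the parsed payload if the signature matches, otherwise None."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    received = {k.lower(): v for k, v in headers.items()}.get(SIGNATURE_HEADER)
    if not received:
        return None
    try:
        payload = json.loads(raw_body)
    except ValueError:  # malformed JSON or invalid UTF-8
        return None
    if not isinstance(payload, dict):
        return None
    # Re-serialise the way the sender does, so the key order and spacing
    # of the body as received do not affect the result.
    expected = generate_signature(signing_secret, payload)
    # Constant-time comparison: timing must not reveal how much matched.
    if hmac.compare_digest(expected.encode(), received.strip().lower().encode()):
        return payload
    return None


# Constructed sample values (assumptions), not real Symbiotic data.
SAMPLE_SECRET = "00112233445566778899aabbccddeeff"
SAMPLE_PAYLOAD = {
    "event": "training_completed",  # hypothetical event name
    "timestamp": 1700000700,
    "data": {"started_at": 1700000000, "completed_at": 1700000600,
             "user": "alice@example.com", "training": "Sample training", "score": 95},
}
SAMPLE_BODY = json.dumps(SAMPLE_PAYLOAD).encode()
```

Reject the request when the function returns None, and process only the payload it returns.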