Objective
Configure a webhook to get notified when a vulnerability has been deleted from the Contrast UI.
Process
1. Configure a generic webhook
For this, we will set one up using requestbin.
Click on:
You will need to create an account:
Once your account is created, you will see something like this:
Navigate to the workflow and copy the endpoint to the workflow:
2. Configure the Contrast UI
As an admin user, log in to Contrast and navigate to Organization Settings->Integrations->Generic
Webhook
. Fill in the details for the webhook and paste the endpoint from above in the URL section. You can find details of the payload here
Once this has been configured, click on the Test URL
. Resulting in a POST event in the workflow like:
After confirming this, you can hit Save.
3. Set up notifications
To enable the delete notifications, we will need to configure this with the following endpoint:
{host}/Contrast/api/ng/{orgUuid}/notifications/organization/VULNERABILITY_DELETE/channel/WEBHOOK
The body of this should look like:
{ "status": true, "webhook_id": {webhookId} }
The curl command:
curl --location --request PUT '{host}/Contrast/api/ng/{orgUuid}/notifications/organization/VULNERABILITY_DELETE/channel/WEBHOOK' \
--header 'Authorization: {authorization}' \
--header 'API-Key: {api-key}' \
--header 'Content-Type: application/json' \
--data-raw '{
"status":true,
"webhook_id":{webhookId}
}'
You can find the webhookID
by clicking into the webhook and looking at the URL.
Once you have the webhookID
, you can run the curl command. You should see the following response:
4. Confirming that the webhook works when a vulnerability is deleted
Navigate to the application this webhook has been created for and delete a vulnerability. The following event should be generated from the webhook.
You should notice an event type of VULNERABILITY_DELETE
.