How to configure a vulnerability delete notification with a webhook

  • Updated

Objective

Configure a webhook to get notified when a vulnerability has been deleted from the Contrast UI. 

Process

1. Configure a generic webhook

For this, we will set one up using requestbin.

Click on:

Screen_Shot_2022-10-11_at_12.27.08_PM.png

You will need to create an account:

mceclip0.png

Once your account is created, you will see something like this:

mceclip1.png

Navigate to the workflow and copy the endpoint to the workflow:

Screen_Shot_2022-10-11_at_12.33.08_PM.png

2. Configure the Contrast UI

As an admin user, log in to Contrast and navigate to Organization Settings->Integrations->Generic Webhook. Fill in the details for the webhook and paste the endpoint from above in the URL section. You can find details of the payload here

mceclip2.png

Once this has been configured, click on the Test URL. Resulting in a POST event in the workflow like:

Screen_Shot_2022-10-11_at_12.44.54_PM.png

After confirming this, you can hit Save.

3. Set up notifications

To enable the delete notifications, we will need to configure this with the following endpoint:

{host}/Contrast/api/ng/{orgUuid}/notifications/organization/VULNERABILITY_DELETE/channel/WEBHOOK

The body of this should look like:

{ "status": true, "webhook_id": {webhookId} }

The curl command:

curl --location --request PUT '{host}/Contrast/api/ng/{orgUuid}/notifications/organization/VULNERABILITY_DELETE/channel/WEBHOOK' \
--header 'Authorization: {authorization}' \
--header 'API-Key: {api-key}' \
--header 'Content-Type: application/json' \
--data-raw '{
"status":true,
"webhook_id":{webhookId}
}'

You can find the webhookID by clicking into the webhook and looking at the URL.

Screen_Shot_2022-10-11_at_12.55.18_PM.png

Once you have the webhookID, you can run the curl command. You should see the following response:
mceclip3.png

4. Confirming that the webhook works when a vulnerability is deleted

Navigate to the application this webhook has been created for and delete a vulnerability. The following event should be generated from the webhook.

Screen_Shot_2022-10-11_at_12.59.08_PM.png

You should notice an event type of VULNERABILITY_DELETE.

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request