Setting up an integration with Webhook

Adding a new integration

To integrate Webhook with GravityZone Cloud Security, follow these steps:

Click the Settings icon in the upper-right side of the console.
Select Integrations.
Under the Notification Destinations section, click the Configuration button for the Webhook integration:
The Webhook configuration panel is displayed.
Click Configuration.
The Webhook Integration page is displayed.
Click Add a new integration.
Fill in the required Webhook information:
- Webhook name - Type in a descriptive name for the integration.
- Webhook URL - Enter the URL of the Webhook connection.
- Description - Type in a description of the integration.
- Payload - Enter the required payload for setting up the connection.
Click the Test integration button to make sure all the information entered is valid.
Click Save changes.

Prerequisites for integration with MS Teams

To obtain the URL, follow these steps:

Log in to Microsoft Teams.
Click the Teams icon on the right side of the window.
(Optional) If you do not already have one, set up a communication channel for your team:
1. Click the More options button for the target team.
2. Select Add channel.
3. Fill in the required details and click Create.
Click the More options button for the channel you want to set up notifications for and select Manage channel.
Click the Edit button under the Connectors section.
Click the Configure button for the Incoming Webhook connector.
Type in a descriptive name and click the Create button.
A URL is provided. Copy it and store it somewhere safe. You will paste it in the Webhook URL field under the Webhook integration window.

To build the payload required for a Webhook integration, follow the steps below:

Read the guide for creating a Webhook:
- For Microsoft Teams
- For Discord

Create the payload using one or more of these predefined variables:

Variable	Description	Example
`cloud_provider`	The name of the cloud provider.	`AWS`
`scan_group`	The name of the scan group in GravityZone.	`Production Group`
`scan_account`	The name of the scan account in GravityZone.	`Mobile App Account`
`cloud_account_id`	The id of the cloud account.	`308692709302`
`company_name`	The name of your company in GravityZone.	`My Company`
`url`	The URL of GravityZone Cloud Security overview page.	`https://app.cs.gravityzone.bitdefender.com/org/f9xaebf1-8cx4-418b-bx02-8x2dx48e1dbx`
`scan_completed_at`	The timestamp of when the findings were discovered.	`2024-06-06T09:23:40.566528`
`findings_overview.crit`	The total number of findings in the company with a Critical severity.	Any integer value.
`findings_overview.high`	The total number of findings in the company with a High severity.	Any integer value.
`findings_overview.med`	The total number of findings in the company with a Medium severity.	Any integer value.
`findings_overview.low`	The total number of findings in the company with a Critical severity.	Any integer value.
`findings_overview.info`	The total number of findings in the company with a Informational severity.	Any integer value.
`findings_new.crit`	The total number of newly discovered Critical severity findings from the latest scan.	Any integer value.
`findings_new.high`	The total number of newly discovered High severity findings from the latest scan.	Any integer value.
`findings_new.med`	The total number of newly discovered Medium severity findings from the latest scan.	Any integer value.
`findings_new.low`	Count of newly discovered Low severity findings from the latest scan	Any integer value.
`findings_new.info`	The total number of newly discovered Informational severity findings from the latest scan.	Any integer value.

{
	"type": "message",
	"attachments": [
		{
			"content": {
				"body": [
					{
						"size": "medium",
						"text": "GravityZone Cloud Security Scan Summary for {$.company_name}: {$.cloud_provider} cloud",
						"type": "TextBlock",
						"wrap": true,
						"style": "heading",
						"weight": "bolder"
					},
					{
						"text": "{$.scan_group}: {$.scan_account}",
						"type": "TextBlock",
						"wrap": true,
						"weight": "bolder"
					},
					{
						"text": "Detected at: {$.scan_completed_at}",
						"type": "TextBlock",
						"wrap": true,
						"spacing": "none",
						"isSubtle": true
					},
					{
						"text": "There are new findings discovered during the last scan:",
						"type": "TextBlock",
						"wrap": true
					},
					{
						"text": "CRIT Findings: {$.findings_new.crit}",
						"type": "TextBlock"
					},
					{
						"text": "HIGH Findings: {$.findings_new.high}",
						"type": "TextBlock"
					},
					{
						"text": "----------",
						"type": "TextBlock"
					},
					{
						"text": "Total Open Findings in the Company:",
						"type": "TextBlock"
					},
					{
						"text": "{$.findings_overview.crit} CRIT | {$.findings_overview.high} HIGH | {$.findings_overview.medium} MED | {$.findings_overview.low} LOW | {$.findings_overview.low} INFO",
						"type": "TextBlock",
						"wrap": true
					}
				],
				"type": "AdaptiveCard",
				"$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
				"actions": [
					{
						"url": "{$.url}",
						"type": "Action.OpenUrl",
						"title": "Go to GravityZone"
					}
				],
				"version": "1.2"
			},
			"contentType": "application/vnd.microsoft.card.adaptive"
		}
	]
}

Copy it and store it somewhere safe. You will paste it under the Payload section under the Webhook integration window.

Editing a Webhook integration

Click the Settings icon in the upper-right side of the console.
Select Integrations.
Under the Notification Destinations section, click the Configuration button for the Webhook integration:
The Webhook configuration panel is displayed.
Click the Edit button.
Note
You can not edit an active integration. Remove them from all linked schedules first.
Make the required notification.
Click Save.

Deleting a Webhook integration

Click the Settings icon in the upper-right side of the console.
Select Integrations.
Under the Notification Destinations section, click the Configuration button for the Webhook integration:
The Webhook configuration panel is displayed.
Click the Delete button.
Note
You can not delete active integration. Remove them from all linked schedules first.

In this section: