Webhooks

PreviousTenable Security Center NextSecurity & User Management

Last updated 3 months ago

Was this helpful?

Webhooks

Webhooks are a real-time, event-driven communication method that allows PlexTrac to send data automatically when a specific event occurs. Using HTTP POST requests, webhooks enable immediate data transfer without constant pulling, making them efficient and lightweight. By providing a unique URL for event notifications, webhooks facilitate automation and real-time updates between applications while ensuring security through authentication methods and encryption.

Developers and technical users seeking to automate webhook management or integrate PlexTrac with other systems should refer to the . This page provides detailed instructions on programmatically creating, updating, and testing webhooks, making it suitable for those who require greater flexibility and control over their integrations.

Webhooks vs. APIs

APIs use a pull model where clients request data from servers, while webhooks employ a push model, automatically sending data to clients when specific events occur. APIs often require polling for updates, which can introduce latency and consume resources, whereas webhooks provide real-time notifications, making them more efficient for immediate actions. While APIs are suited for complex data manipulation and retrieval, webhooks excel in automating workflows with simple event-driven notifications. Additionally, APIs necessitate client-initiated requests, while webhooks require clients to set up a URL endpoint to receive data.

List of Webhooks

Webhooks offered at this time that run on the following PlexTrac trigger event:

On report publish
On assessment submission
On scheduler engagement submission
On finding publish

Creating a Webhook

Step 1: From the Admin Dashboard, click the Webhooks button under "Integrations & webhooks."

Step 2: Click New webhook.

Step 3: Select the webhook type. PlexTrac provides configured solutions for standard solutions, such as Slack and Microsoft Teams.

Step 4: Click Continue.

Step 5: Enter the desired information on the page.

Provide a webhook name.
Confirm if this applies to all clients or a specific one(s).
Select the PlexTrac trigger event from the provided options. More than one can be selected.
Insert the url of the application receiving the webhook data.
Enter the secret to validate authentication of the connection (if applicable).
Enter an message data that should appear to the receiver of the webhook.
Click Test connection to validate the configuration of an endpoint.

When activated, this test initiates a series of checks to ensure everything functions correctly. First, the button verifies that the provided URL is valid and accessible and no redirect occurred. It checks that the domain resolves correctly and that the endpoint responds with a 200 OK status code, indicating that it is operational. In addition to these validations, the endpoint must respond within five seconds, although the response time should be under one second for optimal efficiency.

For security purposes, if a secret is used, the button generates an HMAC-256 signature and includes it in the X-Authorization-HMAC-256 header of the POST request. This ensures that any communication with the endpoint remains secure.

Step 6: Click Save.

The webhook is enabled by default but can be turned off by toggling the bar under the "Enabled" column.

Managing Webhooks

Existing configurations can be modified by clicking Edit under the "Actions" menu of the webhook.

Webhooks can be deleted, or event logs can be viewed by clicking the three dots under the "Actions" menu of the webhook.