LogoLogo
API DocumentationIntegrationsPlexTrac.com
  • Product Documentation
    • Using This Site
    • Security Advisories
    • Deployment and Maintenance Policy
    • Supported Applications
  • PlexTrac Modules
    • Dashboard
    • Clients
      • Clients Components
      • Creating a Client
      • Managing Clients
      • Managing Client Users
      • Adding Assets to a Client
      • Managing Assets
    • Schedule
      • Schedule Components
      • Creating an Engagement
      • Requesting an Engagement
      • Managing Engagements
      • Engagement Status
    • Assessments
      • Assessment Components
      • Managing Questionnaires
      • Starting an Assessment
      • Taking an Assessment
      • Reviewing an Assessment
      • Submitting an Assessment
    • Reports
      • Report Components
      • Creating a Report
      • Adding from NarrativesDB
      • Editing a Report
      • Using Short Codes in Reports
      • Findings
        • Creating a Finding
        • Collaborative Editing
        • Importing Findings from a File
        • CSV Findings Templates
          • Using Report Findings CSV Template
        • Importing Findings via an Integration
        • Importing Findings from WriteupsDB
        • Finding Status
        • Creating Jira Tickets
        • CVSS Scoring
        • Affected Assets
      • Importing a Report
      • Exporting a Report
    • Priorities
      • Priorities Components
      • Creating a Priority
      • Linking Findings and Assets
      • Managing Priorities
      • Priorities Metrics
    • Content Library
      • Types of Repositories
      • NarrativesDB
        • NarrativesDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Managing Sections
        • Creating a Section
      • WriteupsDB
        • WriteupsDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Writeup
        • Copying a Writeup
        • Adding to a Report
        • Importing via CSV Template
      • RunbooksDB
        • RunbooksDB Home Page
        • Managing Repositories
        • Managing Users
        • Creating a Repository
        • Creating a Procedure
        • Creating a Technique
        • Creating a Tactic
        • Creating a Methodology
    • Analytics
      • Findings
      • Assets
      • Runbooks
      • Trends & SLAs
    • Runbooks
      • Managing Engagements
        • Starting an Engagement
        • Submitting an Engagement
      • Managing Test Plans
        • Creating a Test Plan
        • Exporting a Test Plan
  • Tenant Management
    • Account Management
      • Profile (Personal Settings)
        • Managing User Profile
        • Managing Password
        • Setting Up Two-Factor Authentication
      • Account Admin
        • Tenant Settings
          • Account Information
          • General Settings
          • Email Settings
          • Tags Settings
          • Service-Level Agreements (SLAs)
          • Short Codes
        • Customizations
          • Layouts
          • Templates
            • Report Templates
            • Export Templates
            • Style Guides
          • Theme
        • Automations
          • Risk Scoring
            • Creating Equations
            • Managing Priority Equations
          • Parser Actions
        • Integrations & Webhooks
          • Integrations (API)
            • Cobalt
            • Edgescan
            • HackerOne
            • Jira
            • ServiceNow
            • Tenable Vulnerability Management
            • Tenable Security Center
          • Webhooks
        • Security & User Management
          • Audit Log
          • Security
            • Authentication Methods
              • OAuth/OpenID Setup
                • Microsoft Entra ID
                • Google OAuth
                • Okta
                • OpenID Connect
              • SAML Setup
            • General Authentication Settings
            • Authorization
            • Role Based Access (RBAC)
              • Custom Roles
            • Classification Tiers
          • Users
            • Adding Users
            • Managing Users
        • Licensing
          • Licensing
          • Priorities
          • Plex AI
            • Using AI
        • White Labeling
      • Help Center
      • Logout
    • Integrations and File Imports
      • Acunetix
      • BlindSPOT
      • Burp Suite
      • Checkmarx
      • Core Impact
      • HCL AppScan
      • Invicti
      • Nessus
      • Nexpose
      • Nipper
      • Nmap (Assets)
      • Nmap Vulners NSE
      • Nodeware
      • NodeZero
      • OpenVAS
      • OWASP ZAP
      • Pentera
      • Qualys (VM Parser)
      • Qualys (Web App Scanner)
      • RapidFire
      • Scythe
      • Veracode
  • API Documentation
    • Overview
    • Concept Definitions
    • Getting Started
    • Retrieving Parameter IDs
    • Object Structures
      • Client Object
      • Report Object
      • Finding Object
      • Asset Object
      • Evidence Object
    • Use Cases
    • API Change Policy
      • API Change Log
    • Webhooks
      • Webhook Payload Structure
      • Verifying Sender Requests
Powered by GitBook

Resources

  • Privacy Policy
  • Terms of Use
  • Vulnerability Policy

© 2025 PlexTrac, Inc. All rights reserved.

On this page
  • Webhooks vs. APIs
  • List of Webhooks
  • Creating a Webhook
  • Managing Webhooks

Was this helpful?

Export as PDF
  1. Tenant Management
  2. Account Management
  3. Account Admin
  4. Integrations & Webhooks

Webhooks

PreviousTenable Security CenterNextSecurity & User Management

Last updated 3 months ago

Was this helpful?

Webhooks are a real-time, event-driven communication method that allows PlexTrac to send data automatically when a specific event occurs. Using HTTP POST requests, webhooks enable immediate data transfer without constant pulling, making them efficient and lightweight. By providing a unique URL for event notifications, webhooks facilitate automation and real-time updates between applications while ensuring security through authentication methods and encryption.

Developers and technical users seeking to automate webhook management or integrate PlexTrac with other systems should refer to the . This page provides detailed instructions on programmatically creating, updating, and testing webhooks, making it suitable for those who require greater flexibility and control over their integrations.

Webhooks vs. APIs

APIs use a pull model where clients request data from servers, while webhooks employ a push model, automatically sending data to clients when specific events occur. APIs often require polling for updates, which can introduce latency and consume resources, whereas webhooks provide real-time notifications, making them more efficient for immediate actions. While APIs are suited for complex data manipulation and retrieval, webhooks excel in automating workflows with simple event-driven notifications. Additionally, APIs necessitate client-initiated requests, while webhooks require clients to set up a URL endpoint to receive data.

List of Webhooks

Webhooks offered at this time that run on the following PlexTrac trigger event:

  • On report publish

  • On assessment submission

  • On scheduler engagement submission

  • On finding publish

Creating a Webhook

Step 1: From the Admin Dashboard, click the Webhooks button under "Integrations & webhooks."

Step 2: Click New webhook.

Step 3: Select the webhook type. PlexTrac provides configured solutions for standard solutions, such as Slack and Microsoft Teams.

Step 4: Click Continue.

Step 5: Enter the desired information on the page.

  1. Provide a webhook name.

  2. Confirm if this applies to all clients or a specific one(s).

  3. Select the PlexTrac trigger event from the provided options. More than one can be selected.

  4. Insert the url of the application receiving the webhook data.

  5. Enter the secret to validate authentication of the connection (if applicable).

  6. Enter an message data that should appear to the receiver of the webhook.

  7. Click Test connection to validate the configuration of an endpoint.

When activated, this test initiates a series of checks to ensure everything functions correctly. First, the button verifies that the provided URL is valid and accessible and no redirect occurred. It checks that the domain resolves correctly and that the endpoint responds with a 200 OK status code, indicating that it is operational. In addition to these validations, the endpoint must respond within five seconds, although the response time should be under one second for optimal efficiency.

For security purposes, if a secret is used, the button generates an HMAC-256 signature and includes it in the X-Authorization-HMAC-256 header of the POST request. This ensures that any communication with the endpoint remains secure.

Step 6: Click Save.

The webhook is enabled by default but can be turned off by toggling the bar under the "Enabled" column.

Managing Webhooks

Existing configurations can be modified by clicking Edit under the "Actions" menu of the webhook.

Webhooks can be deleted, or event logs can be viewed by clicking the three dots under the "Actions" menu of the webhook.

Special permissions, such as admin access to the workspace or channel, may be required to complete the setup. Visit and documentation for more information on configuring webhooks within those applications.

Slack
Microsoft Teams
API endpoint documentation