Cloud Posture supports notifications sent via a
custom webhook channel. These notifications will be sent to user-created channels
with
all relevant users receiving the notifications.
- Click on Create a Webhook channel.
- Set automatic notifications.
- Configure Triggers.
- Configure now will allow the addition of a Webhook channel using the
following parameter
-
Webhook URL: Make sure that you enter a secure Webhook URL with 'https'!!! note "" * URL cannot begin with http:// (only https://) * URL cannot contain localhost * URL cannot contain an IP address
-
Webhook Security Token!!! note "" Any non-base64 characters will not be accepted
Validating payloads from Cloud PostureIf you decide to set the optional security token, Cloud Posture uses it to create a hash signature with each payload.The hash signature is passed along with each request to the url you have specified in the headers as X-Cloud Posture-Signature.The idea is to compute a hash using your provided security token, and ensuring that the hash from our end matches with your end. The hash signature is generated from Cloud Posture and uses HMAC hexdigest (sha-256) so you could set up your server similar to this example below:const signatureHash = request.headers["X-Cloud Posture-Signature"]; const hmac = crypto.createHmac("sha256", YOUR_SECURITY_TOKEN); const digest = Buffer.from( hmac.update(JSON.stringify(PAYLOAD_BODY)).digest("hex") ); const checksum = Buffer.from(signatureHash, "utf8"); if ( checksum.length !== digest.length || !crypto.timingSafeEqual(digest, checksum) ) { console.log('Request body digest(${ digest }) did not match X - Cloud Posture - Signature(${ checksum })'); throw new Error("Hashes do not match!"); } console.log("Hashes match!");
-
- Copy communication settingsOnce the channel creation is successful, you will be able to see the Webhook channel from your Communication Settings.