Webhooks
Publishing notifications for external listeners
You can enable webhooks for Veza Rules and Alerts and Remediation Proposals to publish event notifications to external applications. When a destination web address is provided, Veza will push a JSON payload with alert information whenever the rule results change. Any entities added or removed since the last result are included in the metadata.
Once you have configured an endpoint to parse the message and trigger an action, webhooks can enable automated processes such as updating an issue tracker, creating a service desk ticket, or sending email or SMS notifications when Veza pushes an alert.
Webhooks can define destination URLs for Workflow events. See [Orchestration Actions and Reminders](../../features/access-reviews/integrations-reminders.md#workflow-Orchestration Actions-with-webhooks) for examples of the payload sent on certification, around the due date, or when a row is approved or rejected.
Configuring a new webhook
Navigate to Integrations > Orchestration Actions > Create Orchestration Action. Enter the required details:
- A Name to identify the webhook
- The destination URL of the application expecting the payload
- Optionally, choose a username and password (Basic authentication) or certificate (bearer token) to include in the authentication header.
The URL must be unique for each new webhook added to Veza.
Adding a webhook to a rule
Webhooks can be attached to rules directly from the rule builder, accessed from the Remediation > Rules panel or by selecting an assessment from Access Search > Saved Queries.
- From Rules, edit an existing rule or create a new one to open the rule builder
- From the Saved Queries list, choose "Create a Rule" from the actions list
- On the Edit Rule screen, select Deliver Alert via Webhook/Email and set an existing webhook
Using the Webhooks panel
You can view, create, and edit webhooks on the Integrations > Orchestration Actions page. For each webhook, you can review the:
- Name - provided when the webhook was created
- Rules - any connected rules will be listed. If none are associated, the option to connect a rule will display instead
- Actions - Edit, test, or delete the webhook
Testing a webhook
Click "test" on the webhook builder or configuration screen to validate that a URL has been successfully configured. A sample request will be sent to the destination URL, and a success notification will appear if Veza was able to POST a test notification to the endpoint. You should verify from the endpoint that the payload was delivered as expected.
Since queries are evaluated when a rule is updated, you can also edit the rule and save a change to test the webhook for that rule.
Webhook payloads
Alerts
Sample alert:
| Field | Details |
|---|---|
| | Unique alert ID, also shown when exporting the list of alert events to CSV |
| | The ID of the rule which triggered the alert |
| | Alert trigger timestamp |
| | Contains the node ID and node name for each entity in the most recent assessment |
| | Contains the node ID and name of any new entities since the last time the assessment updated |
| | Contains the node ID and name of entities included in the last query, but not in the current update |
If a username and password are provided, the Base64-encoded string will be included in the header (basic authentication).
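The following is an added example, not Veza's code, of how a receiving endpoint can check the Basic authentication header described above before it trusts a delivery. The function names, the body size cap, and the sample credentials are assumptions, and the payload is treated as opaque JSON so the check does not depend on specific field names.

```python
import base64
import binascii
import hmac
import json

MAX_BODY_BYTES = 1_000_000  # assumed cap; size it to your largest expected alert


def basic_auth_ok(header, user, password):
    """Constant-time check of an 'Authorization: Basic <base64>' header value."""
    if not header:
        return False
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False
    expected = f"{user}:{password}".encode("utf-8")
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(decoded, expected)


def handle_delivery(headers, body, user, password):
    """Return (status, payload or None) for one POST received from the webhook."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Authenticate first, so unauthenticated input is never parsed
    if not basic_auth_ok(hdrs.get("authorization"), user, password):
        return 401, None
    if len(body) > MAX_BODY_BYTES:
        return 413, None
    try:
        payload = json.loads(body)
    except (ValueError, UnicodeDecodeError):
        return 400, None
    if not isinstance(payload, dict):
        return 400, None
    return 200, payload


if __name__ == "__main__":
    # Constructed sample: placeholder credentials and a placeholder JSON body
    cred = base64.b64encode(b"hook-user:example-secret").decode()
    print(handle_delivery({"Authorization": "Basic " + cred},
                          b'{"example": 1}', "hook-user", "example-secret"))
```

Serve the endpoint over HTTPS only, since Basic credentials are merely Base64-encoded and not encrypted.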
Webhooks for Remediation Proposals
Messages for and Remediation Proposals have the keys:
| Field | Details |
|---|---|
| | Recipe ID |
| | "Access Removal" or recipe name |
| | Contains one or more sets of instructions |
| | Instruction type (not used). 1=default |
| | Instructions to remediate access, using a template. |
| | Contains the node ID and name of entities included in the last query, but not in the current update |
| | String describing each permission to a resource that will be changed by following the instructions |