Event-Driven Webhooks
Receive real-time HTTP notifications for security events, threat detections, compliance reports, and system alerts directly in your CI/CD pipeline or SIEM.
How It Works
CyberVault's webhook engine monitors your security posture and automatically pushes structured JSON payloads to your configured endpoints when predefined events trigger. Delivery is guaranteed with retry logic, signature verification, and idempotency tracking.
Event Occurs → CyberVault Threat Engine → Webhook Router → Your Endpoint (POST) → Retry Queue (if <200) → Dashboard Log
Supported Events
Currently, the beta supports 12 core event types. Additional enterprise and compliance events are scheduled for v1.0.
| Event Type | Description | Severity |
|---|---|---|
| threat.detected | AI engine flags malicious activity | Critical |
| incident.created | New security incident ticket opened | High |
| compliance.report.ready | SOC 2 / ISO 27001 audit report generated | Info |
| auth.suspicious | Unusual login pattern or MFA bypass attempt | Medium |
| endpoint.offline | Managed agent loses connectivity | Low |
| patch.deployed | Security patch successfully applied | Info |
Quick Start
- Create an Endpoint URL
  Ensure your server accepts POST requests at a publicly accessible HTTPS URL. The endpoint must respond with a 200 OK or 201 Created status code within 5 seconds.
- Configure in Dashboard
  Navigate to Settings → Integrations → Webhooks. Click Add Webhook, paste your URL, and select the events you want to subscribe to.
- Verify & Test
  Toggle Enable Verification to receive a test payload. Validate the X-CyberVault-Signature header before processing the request.
Sample Payload
Every webhook request includes a standard envelope with metadata and the event-specific data object.
```json
{
  "id": "wh_8f3a2b9c-1e4d-5f6a-7b8c-9d0e1f2a3b4c",
  "event": "threat.detected",
  "timestamp": "2025-01-15T14:32:00Z",
  "data": {
    "threat_id": "thr_94x2k1",
    "severity": "critical",
    "source_ip": "203.0.113.42",
    "target_asset": "prod-db-01.cybervault.internal",
    "vector": "sql_injection",
    "confidence": 0.98,
    "mitre_id": "T1190"
  },
  "metadata": {
    "workspace_id": "ws_5501",
    "engine_version": "ai_v3.1",
    "idempotency_key": "idm_x9z8y7w6"
  }
}
```
Security & Verification
All webhook payloads are signed using HMAC-SHA256. Verify the signature using your webhook secret before processing:
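```javascript
// Node.js Verification Example
const crypto = require('crypto');

// payload must be the raw request body (string or Buffer) exactly as received,
// not a re-serialized copy of the parsed JSON.
function verifyWebhook(payload, signature, secret) {
  const hmac = crypto.createHmac('sha256', secret);
  const digest = hmac.update(payload).digest('hex');
  const expected = Buffer.from(digest);
  const received = Buffer.from(signature || '');
  // timingSafeEqual throws when the lengths differ, so reject that case first.
  if (expected.length !== received.length) return false;
  return crypto.timingSafeEqual(expected, received);
}
```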
Always validate the X-CyberVault-Signature header, enforce HTTPS-only endpoints, and implement idempotency checks using the idempotency_key to prevent duplicate processing.
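The checks above combined in one receiver routine, as an added example that is not CyberVault's own code: the signature is verified over the raw body before parsing, and the idempotency_key is recorded only after processing succeeds. Assumptions: the header carries a bare hex digest, an in-memory Set stands in for a shared store, the 400/401/500 replies are this example's choice, and a non-2xx reply is assumed to trigger a retry; handleDelivery, signatureValid and the demo secret are hypothetical names and values.

```javascript
const crypto = require('crypto');

// Constant-time check of the hex HMAC-SHA256 over the raw body bytes.
function signatureValid(rawBody, signature, secret) {
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(String(signature || ''), 'hex');
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Returns the HTTP status to send plus what was done with the delivery.
// `seen` is a Set here; in production it would be a shared store with a TTL.
function handleDelivery(rawBody, signature, secret, seen, processEvent) {
  // 1. Authenticate before parsing: unsigned input never reaches JSON.parse.
  if (!signatureValid(rawBody, signature, secret)) {
    return { status: 401, action: 'rejected' };
  }
  let event;
  try {
    event = JSON.parse(rawBody.toString('utf8'));
  } catch (err) {
    return { status: 400, action: 'malformed' };
  }
  const key = event.metadata && event.metadata.idempotency_key;
  if (typeof key !== 'string' || key === '') {
    return { status: 400, action: 'malformed' };
  }
  // 2. A retried delivery is acknowledged but not processed again.
  if (seen.has(key)) return { status: 200, action: 'duplicate' };
  // 3. Record the key only after processing succeeds, so a failure is retried.
  try {
    processEvent(event);
  } catch (err) {
    return { status: 500, action: 'failed' };
  }
  seen.add(key);
  return { status: 200, action: 'processed' };
}

// Constructed demo values: secret and body are made up for this example.
const SECRET = 'whsec_example_only';
const BODY = Buffer.from(JSON.stringify({
  id: 'wh_example', event: 'threat.detected',
  data: { severity: 'critical' },
  metadata: { idempotency_key: 'idm_x9z8y7w6' },
}));
const SIG = crypto.createHmac('sha256', SECRET).update(BODY).digest('hex');
```

Pass the body bytes exactly as they arrived on the wire; verifying a re-serialized object can fail on key order or whitespace differences.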
Join the Webhooks Beta
Get early access, shape the API, and receive priority support as we build the next generation of security event streaming.