Skip to content

Webhooks

Configuration

SailPoint Entro offers a Webhook mechanism for your team to use, this mechanism activates upon either one of these three cases -

  1. A new risk was created
  2. A risk was updated (status changed, comments, employee changed, etc.)
  3. Risk severity was updated

    SailPoint Entro provides 2 templated configuration to two SOAR platforms - Torq and Tines, and a custom webhook - to any custom destination.

    Webhooks setup and configuration is done by accessing Settings > Webhooks.

The webhook configuration screen

{
    "createdRisk|updatedRisk|updatedRiskSeverity": {
        "id": number,
        "guid": string,
        "customerId": number,
        "severity": "LOW" | "MEDIUM" | "HIGH" | "CRITICAL",
        "owner": string,
        "detectionTime": number,
        "creationDate": number,
        "modifyDate": number,
        "exposureTime": number,
        "source": enum,
        "isArchived": boolean,
        "type": enum,
        "category": enum,
        "ruleCode": enum,
        "status": "OPEN" | "IN_PROGRESS" | "APPROVED" | "DISCARDED" | "RESOLVED",
        "threatDescription": string,
        "name": string,
        "tags": [
            string,
            ...
        ],
        "ownerUid": string,
        "path": string,
        "mitigation": string,
        "hasWebhookMessage": boolean,
        "ownerAiObject": {
            "similarity": number,
            "ownerItemType": string,
            "elementItemType": string,
            "originalOwnerValue": string,
            "originalElementValue": string,
            "processedOwnerValue": string,
            "processedElementValue": string
        },
        "employee": {
            "name": string,
            "email": string,
            "status": string,
            "title": string | null,
            "division": string | null,
            "organization": string | null,
            "manager": string,
            "creationDate": string,
            "lastLogin": string | null
        },
        "payload": [
            {
                "exposedLowConfidence": boolean,
                "exposedGuid": string,
                "exposedStatus": string,
                "exposureUrl": string,
                "exposedStatusEnrichment": {
                    "isValid": boolean,
                    "date": number,
                    "errorName": string,
                    "TokenAwsAccount": string,
                    "TokenAccountEnvironment": string
                },
                "exposedType": enum,
                "exposedOrigin": enum,
                "exposedValueHashed": string,
                "exposedSnippet": string,
                "exposedRedactedSnippet": string,
                "exposedAwsAccessKeyId": string,
                "vendorHash": string | null,
                "encryptedValue": string,
                "aiClassifications": [],
                "account": {
                    "environmentType": string,
                    "environment": string,
                    "accountId": string,
                    "accountType": string,
                    "tags": []
                },
                ...
            },
            {
                "account": {
                    "environmentType": string,
                    "environment": string,
                    "accountId": string,
                    "accountType": string,
                    "tags": [
                        string,
                        ...
                    ]
                },
                "targetToken": string,
                "awsArn": string
            }
        ]
    },
    "notificationType": "Risk Created|Risk Status Changed|Risk Severity Changed"
}