Webhooks
Configuration
SailPoint Entro offers a Webhook mechanism for your team to use, this mechanism activates upon either one of these three cases -
- A new risk was created
- A risk was updated (status changed, comments, employee changed, etc.)
-
Risk severity was updated
SailPoint Entro provides 2 templated configuration to two SOAR platforms - Torq and Tines, and a custom webhook - to any custom destination.
Webhooks setup and configuration is done by accessing Settings > Webhooks.

The webhook configuration screen
{
"createdRisk|updatedRisk|updatedRiskSeverity": {
"id": number,
"guid": string,
"customerId": number,
"severity": "LOW" | "MEDIUM" | "HIGH" | "CRITICAL",
"owner": string,
"detectionTime": number,
"creationDate": number,
"modifyDate": number,
"exposureTime": number,
"source": enum,
"isArchived": boolean,
"type": enum,
"category": enum,
"ruleCode": enum,
"status": "OPEN" | "IN_PROGRESS" | "APPROVED" | "DISCARDED" | "RESOLVED",
"threatDescription": string,
"name": string,
"tags": [
string,
...
],
"ownerUid": string,
"path": string,
"mitigation": string,
"hasWebhookMessage": boolean,
"ownerAiObject": {
"similarity": number,
"ownerItemType": string,
"elementItemType": string,
"originalOwnerValue": string,
"originalElementValue": string,
"processedOwnerValue": string,
"processedElementValue": string
},
"employee": {
"name": string,
"email": string,
"status": string,
"title": string | null,
"division": string | null,
"organization": string | null,
"manager": string,
"creationDate": string,
"lastLogin": string | null
},
"payload": [
{
"exposedLowConfidence": boolean,
"exposedGuid": string,
"exposedStatus": string,
"exposureUrl": string,
"exposedStatusEnrichment": {
"isValid": boolean,
"date": number,
"errorName": string,
"TokenAwsAccount": string,
"TokenAccountEnvironment": string
},
"exposedType": enum,
"exposedOrigin": enum,
"exposedValueHashed": string,
"exposedSnippet": string,
"exposedRedactedSnippet": string,
"exposedAwsAccessKeyId": string,
"vendorHash": string | null,
"encryptedValue": string,
"aiClassifications": [],
"account": {
"environmentType": string,
"environment": string,
"accountId": string,
"accountType": string,
"tags": []
},
...
},
{
"account": {
"environmentType": string,
"environment": string,
"accountId": string,
"accountType": string,
"tags": [
string,
...
]
},
"targetToken": string,
"awsArn": string
}
]
},
"notificationType": "Risk Created|Risk Status Changed|Risk Severity Changed"
}