Webhooks for Alert Remediation (Alpha)
⚠️ Alpha: Please note webhooks are in an early stage of development and are subject to change.
Purpose
The Alert Remediation webhook fires whenever a user remediates an Alert. This enables you to drive downstream automation, such as updates on your own systems.
Getting Set Up
Webhooks are a new feature of our Monitoring system. To make use of them you will need to ensure:
- You are using our monitoring system.
- You have informed us of the callback URL you are listening on.
To establish either of these, reach out to our Support team, who can help you get started.
Sample Payload
The webhook consists of an HTTP POST call with an application/json payload.
Custom headers:
Header | Value |
---|---|
x-w2-topic | AlertRemediation |
```json
{
  "Urn": "xxxx62e0-a500-4xxe-a59e-77xxxxy721a1",
  "CaseId": "xxxx62e0-a500-4xxe-a59e-77xxxxy721a1",
  "Comments": "Requires further review",
  "AlertId": 123,
  "User": "[email protected]",
  "AlertStatus": "HighRisk",
  "Timestamp": "2024-05-29T11:56:57.3746831Z"
}
```
Field Breakdown
Property | Notes |
---|---|
Urn | The unique identifier for the screened record. |
CaseId | The unique identifier for the screened case. |
Comments | The comments added during the remediation. |
AlertId | The identifier for the alert. |
User | The email of the user who performed the remediation. |
AlertStatus | The status of the alert that it was remediated to. Can be any one of the following: Open, High Risk, Medium Risk, Low Risk, False Positive |
Timestamp | A timestamp of the remediation event. |
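
A receiver should check each delivery against the documented header and fields before acting on it. The following is an added example, not code from this documentation or its vendor; the function names, the `max_bytes` cap and the sample values are assumptions. It validates shape only and tolerates extra fields, since the payload is subject to change.

```python
import json
import re
from datetime import datetime, timezone

# Compared with spaces removed: the sample payload sends "HighRisk" while the
# field table lists "High Risk".
STATUSES = {"open", "highrisk", "mediumrisk", "lowrisk", "falsepositive"}
STRING_FIELDS = ("Urn", "CaseId", "Comments", "User", "AlertStatus", "Timestamp")
TS_RE = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", re.ASCII)
# Constructed sample delivery; identifiers and e-mail address are made up.
SAMPLE_BODY = (b'{"Urn": "urn-1", "CaseId": "case-1", "Comments": "Requires further review",'
               b' "AlertId": 123, "User": "analyst@example.com", "AlertStatus": "HighRisk",'
               b' "Timestamp": "2024-05-29T11:56:57.3746831Z"}')

class RejectedWebhook(ValueError):
    """Delivery does not match the documented header and payload shape."""

def parse_timestamp(value):
    m = TS_RE.fullmatch(value)
    if not m:
        raise RejectedWebhook("Timestamp is not a UTC ISO 8601 value")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))  # sample has 7 digits, datetime holds 6
    try:
        base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        raise RejectedWebhook("Timestamp is out of range")
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def parse_alert_remediation(headers, body, max_bytes=16384):  # max_bytes: assumed cap
    hdrs = {k.lower(): v for k, v in headers.items()}
    if hdrs.get("x-w2-topic") != "AlertRemediation":
        raise RejectedWebhook("unexpected x-w2-topic")
    if hdrs.get("content-type", "").split(";")[0].strip().lower() != "application/json":
        raise RejectedWebhook("unexpected Content-Type")
    if len(body) > max_bytes:
        raise RejectedWebhook("body too large")
    try:
        data = json.loads(body)
    except (ValueError, RecursionError):  # invalid JSON, invalid UTF-8, absurd nesting
        raise RejectedWebhook("body is not valid JSON")
    if not isinstance(data, dict) or any(not isinstance(data.get(f), str) for f in STRING_FIELDS):
        raise RejectedWebhook("missing or non-string field")
    alert_id = data.get("AlertId")
    if isinstance(alert_id, bool) or not isinstance(alert_id, int):
        raise RejectedWebhook("AlertId is not an integer")
    status = data["AlertStatus"].replace(" ", "").lower()
    if status not in STATUSES:
        raise RejectedWebhook("unknown AlertStatus")
    return {**data, "AlertStatus": status, "Timestamp": parse_timestamp(data["Timestamp"])}
```

Call `parse_alert_remediation(request_headers, raw_body)` in the handler for your callback URL and answer with an error status when it raises `RejectedWebhook`.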