Generic webhooks
Our generic webhooks integration (alert) allows you to subscribe to notifications for select Next-Gen WAF activity types.
Adding a webhook integration (alert)
To add a webhook integration (alert), complete the following steps:
- Next-Gen WAF control panel
- Fastly control panel
Log in to the Next-Gen WAF control panel.
From the Sites menu, select a site if you have more than one site.
- From the Manage menu, select Site Integrations.
- Click Add site integration.
- Select the Generic Webhook integration.
- In the Webhook URL field, enter a URL to receive the notifications at.
Select if you want to be alerted regarding All activity or Specific activity. If you selected Specific activity, then in the Activity menu choose the activity types that you want the integration to create alerts for.
- Click Create site integration.
Notifications format
Notifications are sent with the following format:
{ "created": "2024-02-09T21:08:21.31644377Z", "type": "flag", "payload": { "ID": "abcde123456789", "CorpID": "123456789abcde", "SiteID": "987654321fedcba", "Scope": "site", "Slug": "site.example", "Name": "example", "Description": "Webhook integration for Example site", "CreatedBy": "admin@example.com", "CreatedByID": "edcba987654321", "Created": "2024-02-09T21:08:21.31644377Z", "Updated": "2025-01-07T21:06:31.50725289Z", "ResourceID": "ASDFghjkl123456789" }, "link":"dashboard link to event"}X-SigSci-Signature header
All requests sent from the generic webhook integration (alert) contain a header called X-SigSci-Signature. The value is an HMAC-SHA256 hex digest hashed using a signing key generated when the generic webhook was created.
To rotate the signing key, complete the following steps:
- Next-Gen WAF control panel
- Fastly control panel
Log in to the Next-Gen WAF control panel.
From the Sites menu, select a site if you have more than one site.
- From the Manage menu, select Site Integrations.
- Click the name of the appropriate generic webhook integration.
- Click Rotate.
- (Optional) Click Reveal to see the full value of the signing key.
Verification is done by creating an HMAC-SHA256 hex digest of the generic webhook payload using the signing key and comparing the result to the value of the X-SigSci-Signature header.
X-SigSci-Signature header verification example code
The examples show header verification code for X-SigSci-Signature.
- Go
- Python
- Ruby
- Bash
package main
import ( "crypto/hmac" "crypto/sha256" "encoding/hex" "fmt")
// CheckMAC reports whether messageMAC is a valid HMAC tag for message.func CheckMAC(message, messageMAC, key []byte) bool { mac := hmac.New(sha256.New, key) mac.Write(message) expectedMAC := mac.Sum(nil)
return hmac.Equal(messageMAC, expectedMAC)}
func main() { key := []byte("[insert signing key here]")
h := "[insert X-SigSci-Signature value here]"
json := []byte(`[insert JSON payload here]`)
hash, err := hex.DecodeString(h) if err != nil { log.Fatal("ERROR: ", err) }
ok := CheckMAC(json, hash, key)
fmt.Println(ok)}Activity types
When setting up a webhook integration (alert) in the Next-Gen WAF control panel, you can select from the following activity types:
| Activity type | Description | Payload |
|---|---|---|
siteDisplayNameChanged | The display name of a site (workspace) was changed | |
siteNameChanged | The short name of a site (workspace) was changed | |
loggingModeChanged | The agent mode (Blocking, Not Blocking, Off) was changed | Get site by name |
agentAnonModeChanged | The agent IP anonymization mode was changed | Get site by name |
flag | An IP address was flagged | Get event by ID |
expireFlag | An IP address flag was manually expired | List events |
createCustomRedaction | A custom redaction was created | Create a custom redaction |
removeCustomRedaction | A custom redaction was removed | Remove a custom redaction |
updateCustomRedaction | A custom redaction was updated | Update a custom redaction |
customTagCreated | A custom signal was created | |
customTagUpdated | A custom signal was updated | |
customTagDeleted | A custom signal was removed | |
customAlertCreated | A custom alert was created | Create a custom alert |
customAlertUpdated | A custom alert was updated | Update a custom alert |
customAlertDeleted | A custom alert was removed | Remove a custom alert |
detectionCreated | A templated rule was created | |
detectionUpdated | A templated rule was updated | |
detectionDeleted | A templated rule was removed | |
listCreated | A list was created | Create a list |
listUpdated | A list was updated | Update a list |
listDeleted | A list was removed | Remove a list |
ruleCreated | A request rule was created | |
ruleUpdated | A request rule was updated | |
ruleDeleted | A request rule was deleted | |
customDashboardCreated | A custom dashboard was created | |
customDashboardUpdated | A custom dashboard was updated | |
customDashboardReset | A custom dashboard was reset | |
customDashboardDeleted | A custom dashboard was removed | |
customDashboardWidgetCreated | A custom dashboard card was created | |
customDashboardWidgetUpdated | A custom dashboard card was updated | |
customDashboardWidgetDeleted | A custom dashboard card was removed | |
agentAlert | An agent alert was triggered |
