Back to Documentation

Webhooks

Receive real-time notifications for security events

Overview

Webhooks allow you to receive HTTP POST requests when specific events occur in sent1nels. Use webhooks to integrate with external systems, trigger automated workflows, or send notifications.

Available Events

  • incident.created - New security incident detected
  • incident.updated - Incident status changed
  • incident.resolved - Incident marked as resolved
  • agent.offline - Agent stopped reporting
  • agent.online - Agent came back online
  • threat.detected - New threat identified
  • compliance.violation - Compliance rule violated

Creating a Webhook

Configure webhooks via the API or dashboard.

POST /v1/webhooks
Content-Type: application/json

{
  "url": "https://your-app.com/webhooks/sent1nels",
  "events": ["incident.created", "threat.detected"],
  "secret": "your_webhook_secret"
}

Webhook Payload Example

POST https://your-app.com/webhooks/sent1nels
X-Sent1nels-Signature: sha256=abc123...
Content-Type: application/json

{
  "event": "incident.created",
  "timestamp": "2025-01-08T10:30:00Z",
  "data": {
    "incident_id": "inc_456",
    "severity": "high",
    "title": "Suspicious Login Attempt"
  }
}

Verifying Webhook Signatures

Always verify webhook signatures to ensure requests are from sent1nels.

const signature = req.headers['x-sent1nels-signature'];
const payload = JSON.stringify(req.body);
const expected = crypto
  .createHmac('sha256', webhookSecret)
  .update(payload)
  .digest('hex');

if (signature === `sha256=${expected}`) {
  // Valid webhook
}

Best Practices

  • Always verify webhook signatures
  • Respond with 200 OK quickly (process async)
  • Implement retry logic for failed deliveries
  • Use HTTPS endpoints only
  • Log all webhook events for debugging