Integrating Invicti Enterprise with Webhooks
Invicti Enterprise allows you to integrate with many issue-tracking systems. But, there are some applications for which Invicti Enterprise does not currently offer integration.
Instead, Invicti Enterprise offers webhook integration for applications that support incoming webhooks.
Webhooks are not applications, but they provide a way for an application to get data from other applications with real-time information.
Webhook fields
This table lists and explains the Webhook fields in the New Webhook Integration page.
| Button/Section/Field | Description |
|---|---|
| Name | This is the name of the configuration that will be shown in menus. |
| Mandatory | This section contains fields that must be completed. |
| URL | This is the Webhook instance URL. |
| Title Format | This is the string format that is used to create the vulnerability title. |
| HTTP Method | This indicates the action to be performed on a resource for the request. |
| Parameter Type | This is the data format in which requests are sent. |
| Optional | This section contains optional fields. |
| Issue Parameter | This is the parameter name of the issue. |
| Title Parameter | This is the parameter name of the issue title. |
| Body Parameter | This is the parameter name of the issue body. |
| Username | This is the username for the HTTP authentication. |
| Password | This is the password for HTTP authentication. |
| HTTP Headers | This section contains the HTTP Headers that will be added to the HTTP request. |
| Name | Enter a name for the new HTTP Header. |
| Value | Enter a value for the new HTTP Header. |
| Custom Fields | This section contains user-defined custom fields. |
| New Custom Field | Select to create a new custom field. |
| Name | Enter a name for the new custom field. |
| Value | Enter a value for the new custom field. |
| Drop-down | Select the drop-down to change the input type. The options are:
|
| Create Sample Issue | Once all relevant fields have been configured, click to create a sample issue. |
How to integrate Invicti Enterprise with a webhook
- Log in to Invicti Enterprise.
- From the main menu, select Integrations > New Integration.
- From the API section, select Webhook.
- Create a webhook for the application you want.
- In the Name field, enter a name for the integration.
- In the Mandatory section, complete the connection details:
- URL
- Title Format
- HTTP Method
- Parameter Type
- In the Optional section, complete as required:
- Issue Parameter
- Title Parameter
- Body Parameter
- Username
- Password
- Select Create Sample Issue to confirm that Invicti Enterprise can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.
If the Webhook integration is not configured correctly, Invicti Enterprise will correctly route descriptive error messages to you.
- Select Save to save the integration.
How to export reported vulnerabilities to projects using a webhook
There are several ways to send issues to projects using a webhook with Invicti Enterprise:
- Once notifications have been configured, you can configure Invicti Enterprise to automatically send vulnerabilities after scanning has been completed (see How to Configure a Notification to Report Vulnerabilities to an Issue Tracking System).
- You can send one or more issues from the Issues window:
- You must have Manage Issue permission.
- From the main menu, select Issues, then All Issues.
- From the Issues page, select one or more issues you want to send.
- Select Send To > Webhook.
A pop-up is displayed, with a message about the issue you have sent via the webhook. If there is an error, this information will be displayed instead.
- You can send an issue from the Recent Scans page:
- From the main menu, select Scans > Recent Scans.
- Next to the relevant scan, click Report.
- Scroll down to the Technical Report section.
- From the list of detected vulnerabilities, click to select an issue and display its details.
- Select Send To > Webhook.
If you have previously submitted this vulnerability via a webhook, it will already be accessible. You cannot submit the same issue twice.
If you view opened problem logs via a webhook, they look like this:
For more information about managing integrations, see Managing Integrations.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center