Supported Webhook Events
Below are the supported event types:
1. New Script
- Description: Triggered when the system detects a new script.
- Purpose: Allows clients to monitor and review newly added scripts.
- Example JSON:
{
"event_name": "site_script.new_script",
"event_type": 1,
"timestamp": "2025-02-25T10:05:18",
"account_name": "account_DISPLAY_NAME",
"account_id": "account ID",
"site_name": "site_DISPLAY_NAME",
"site_id": "site ID",
"script_name": "Google Analytics",
"site_script_id": "82w13ed8-03wc-13ed-8bf7-0a0845aeb193"
}
2. New Script's Behavior
- Description: Sent when an existing script in the system starts behaving differently.
- Purpose: Helps track changes in script activity that may indicate malicious behavior.
- Example JSON:
{
"event_name": "site_script.new_behavior",
"event_type": 6,
"timestamp": "2025-01-29T13:28:36",
"account_name": "account_DISPLAY_NAME",
"account_id": "account ID",
"site_name": "site_DISPLAY_NAME",
"site_id": "site ID",
"script_name": "Google Tag Manager",
"behavior_name": "Data transfer",
"site_script_id": "df382d80-cf04-11ec-870c-0a0800aeb193"
}
3. Payment Page Header Changed
- Description: Sent when the security response header of the payment page has changed.
- Purpose: Alerts clients to possible unauthorized modifications to payment security configurations.
- Example JSON:
{
"event_name": "site.header_change",
"event_type": 4,
"timestamp": "2025-02-25T08:56:50",
"account_name": "account_DISPLAY_NAME",
"account_id": "account ID",
"site_name": "site_DISPLAY_NAME",
"site_id": "site ID",
"payment_page_id": 1909,
"payment_page_name": "payment page label",
"header_id":,
"header_name": "x-content-type-options",
"header_baseline_value": "base",
"header_new_value": "current"
}
4. New Script's Policy Recommendation
- Description: Sent when the system recommends a new policy for a script.
- Purpose: Provides security recommendations for handling detected scripts.
- Example JSON:
{
"event_name": "site_script.new_policy_rec",
"event_type": 3,
"timestamp": "2025-02-25T10:05:18",
"account_name": "account_DISPLAY_NAME",
"account_id": "account ID",
"site_name": "site_DISPLAY_NAME",
"site_id": "site ID",
"script_name": "Google Analytics",
"site_script_id": "df302fl2-ck04-11qc-8655-0a9832aeb193",
"recommended_scr_policy_id": 6,
"recommended_scr_policy_name": "Redacted",
"recommended_sub_policies": [
{
"sub_policy_id": 3,
"sub_policy_name": "PCI"
}
]
}
5. Site data alert
- Description: Sent when the system detects that a site has stopped sending data from a payment page.
- Purpose: Notify about a potentially suspicious issue related to the Source Defense snippet implementation.
- Example JSON:
{
"event_type": 7,
"event_name": "site.data.missing",
"timestamp": "2025-02-25T10:05:18",
"account_id": "account ID",
"account_name": "account_DISPLAY_NAME",
"site_id": "site ID",
"site_name": "site_DISPLAY_NAME",
"payment_page_id": 1,
"payment_page_name": "payment page label",
"last_time_data_seen": "2024-11-16T11:30:00Z",
"hours_from_last_data": 25
}
6. Site data resumed
- Description: Sent when the system detects that a site has resumed sending data from a payment page after a disruption.
- Purpose: Indicate a return to normal operation following a previous alert about missing data.
- Example JSON:
{
"event_type": 8,
"event_name": "site.data.resumed",
"timestamp": "2025-02-25T10:05:18",
"account_id": "account ID",
"account_name": "account_DISPLAY_NAME",
"site_id": "site ID",
"site_name": "site_DISPLAY_NAME",
"payment_page_id": 1,
"payment_page_name": "payment page label",
"last_time_data_seen": "2024-11-17T12:30:00Z",
"hours_from_last_data": 5
}