Settings
page and click on the Integrations
tab. On the
Integrations
tab, you can add, delete, and view webhooks you have previously
created.
Metlo will send a POST
request with the alert payload to the urls you define
for your webhooks. By default, the requests will be triggered for each type of
alert that is created. The alert payload will follow this format (Payload
is
the data that is sent, the rest of the definitions showcase what the data we
send looks like):
JSON
Context
Thecontext
object contains any extra data related to that specific alert.
RiskScore
TheRiskScore
defines the score given to that alert based on its risk and is
equal to one of the following values: high
, medium
, low
, none
.
AlertType
TheAlertType
is a string which defines the specific type of the alert and can
be one of a certain number of values as defined above.
ApiEndpoint
TheapiEndpoint
field contains the endpoint info for which the alert was
triggered.
DataField
ThedataFields
field contains a list of the fields that belong to an endpoint.
These fields can belong to any part of an endpoint such as its request body and
headers or response body and headers.
DataClass
EachDataField
has a list of sensitive data classes which are identified for
it. The dataClasses
field contains the current sensitive data classes which
are tagged for thatDataField
. The falsePositives
field contains any classes
that were identified by a user as a false positive. The scannerIdentified
field contains all the sensitive data classes that were identified by Metlo. The
list of data classes could include any Metlo defined or User defined(via Metlo
Config) Sensitive Data Classes.
DataSection
EachDataField
belongs to a DataSection
which can be in the request path
parameters, request query parameters, request headers, request body, response
headers, or response body.
DataType
EachDataField
has a dataType
field which defines the type of the values of
that DataField
.
DataTag
EachDataField
either has a value for the dataTag
field or has null if there
is no tag for that field. For example, a DataField
which contains sensitive
information will have a dataTag
with value of PII
.
DataPath
EachDataField
has a value for the dataPath
field which defines the path to
the DataField
in the payload. For example, if the response body of an endpoint
is as defined below, then there would be two DataField
items and each would
have a distinct dataPath
which would be foo.bar
and foo.baz
:
JSON
dataPath
would
just be an empty string ""
.