Webhook integration

To integrate security problem notifications using webhooks:

  1. Create an alerting profile, which allows you to set up alert-filtering rules that are based on the risk level of detected security problems.
  2. Link the alerting profile to the security notifications integrations, which allows you to define the integration with a certain service and configure the payload (in the form of a message template) that you want to receive.

1. Create an alerting profile

To create an alerting profile:

  1. In the Dynatrace menu, go to Settings.
  2. Select Alerting > Security alerting profiles.
  3. Select Add alerting profile.
  4. Enter a Name for the profile on which you want to receive security notifications.
  5. Turn on the switch of each risk level for which you want to receive notifications. You can select more than one.
  6. Select Save changes to save your configuration.

2. Link the alerting profile to the security notifications integration

  1. In the Dynatrace menu, go to Settings.

  2. Select Integration > Security notifications.

  3. Select Add integration.

  4. Enter a Display name and Webhook endpoint URL.

  5. (Optional) Choose whether you want to accept any SSL certificate.

    • On = Accept any SSL certificate (including self-signed and invalid certificates)
    • Off = Dynatrace verifies the SSL certificate of the URL. (recommended)
  6. Select Add HTTP header to specify additional HTTP header fields, such as Content-Type or Authorization. These custom HTTP header fields can be used if the target endpoint needs an authentication token within the HTTP header or if you would like to send different content types such as application/json, application/xml, text/plain. Note: The Content-Type field is required, others are optional.

  7. In the Custom payload field, customize your notification format and content. Once a security problem is detected or resolved, this customizable payload is pushed through an HTTP POST to the target system. Expand Available placeholders to list placeholders that you can copy and paste into the payload; placeholders are replaced with actual values when the notification is generated.

    Example message template:

    {
    "text": "Notification for *{SecurityProblemId}* and *{Severity} {DavisSecurityScore}* (CVSS: {CvssScore}). \nTitle: *{Title}*\n```{Description}```\n{SecurityProblemUrl}\n* Public exploit: {ExploitAvailable}, \n* public exposure: {Exposed}, \n* sensitive data exposure: {SensitiveDataReachable}. \nRemediable entities as JSON array: ```{AffectedEntities}```  \n\n *from test system* :dynatrace: (triggered by 'all risk levels' rule)."
    }
    

    For the example above, you would get the following notification:

[Image: example notification generated from the payload above]

  8. From the Alerting profile list, select the alerting profile on which you want to receive security notifications.
  9. Select Save changes to save your configuration.
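
The following is an added example, not part of the Dynatrace documentation: a receiver-side check for the HTTP POST this integration sends, covering the custom headers from step 6 and the payload from step 7. It assumes the integration was configured with Content-Type application/json and an Authorization header carrying a shared token; the token value, the name verify_notification and the sample body are constructed for illustration.

```python
import hmac
import json

# Assumption: the integration sends these two custom HTTP headers (step 6):
#   Content-Type: application/json   and   Authorization: <EXPECTED_AUTH>
EXPECTED_AUTH = "Bearer example-token-constructed"  # constructed value
MAX_BODY = 64 * 1024  # refuse oversized posts before parsing them
# Constructed sample of the example template after placeholder substitution.
SAMPLE_BODY = b'{"text": "Notification for *S-42* and *HIGH 8.1* (CVSS: 8.1)."}'


class Rejected(Exception):
    """Carries the HTTP status the receiver should answer with."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def verify_notification(headers, body, expected_auth=EXPECTED_AUTH):
    """Validate one webhook POST; return the parsed payload or raise Rejected."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # Constant-time comparison so response timing does not leak the token.
    supplied = h.get("authorization", "")
    if not hmac.compare_digest(supplied.encode(), expected_auth.encode()):
        raise Rejected(401, "missing or wrong Authorization header")
    # Accept only the content type the integration was configured to send.
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        raise Rejected(415, "unexpected Content-Type")
    if len(body) > MAX_BODY:
        raise Rejected(413, "body too large")
    try:
        payload = json.loads(body.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        raise Rejected(400, "body is not valid JSON")
    # The example template on this page yields an object with a "text" string.
    if not isinstance(payload, dict) or not isinstance(payload.get("text"), str):
        raise Rejected(400, "payload does not match the configured template")
    return payload
```

Call verify_notification from the HTTP handler of the endpoint and reply with the status carried by Rejected.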

Example reporting to a Slack channel

[Image: example notification in a Slack channel]