The Destinations feature allows you to configure where monitoring notifications are sent when watched extensions trigger events. Set up webhooks for SOAR platforms, Slack, or other custom endpoints to receive real-time alerts about extension changes.

Features

Add Destination

Create new notification endpoints:
  • Add Destination Button
    • Opens dialog to create destination
  • Destination Form Fields
    • Name - Friendly identifier for the destination
    • Type - Webhook (email support coming soon)
    • URL - Endpoint where notifications are sent
    • Headers - Custom HTTP headers, in JSON format, sent with each notification request
    • Ignore TLS - Toggle to skip TLS (SSL) certificate verification; when enabled, the endpoint's certificate is not checked

Destinations Table

Comprehensive view of configured destinations:
  • Name/ID
    • Click to toggle between Name and ID display
    • Arrow icon indicates toggle functionality
    • Name for human-readable reference
    • ID for technical integration
  • Type Column
    • Destination type (Webhook currently)
  • Endpoint Column
    • Full URL for webhooks
  • Actions Column
    • Edit Button - Modify destination settings
    • Test Button - Send test notifications
    • Delete Button - Remove destination with confirmation

Test Webhook

Verify destination configuration:
  • Test Functionality
    • Sends all event types to webhook
    • Five test events sent:
      • Version update event
      • Ownership change event
      • Verdict change event
      • Visibility change event
      • Manifest change event
    • Uses test extension data
    • Marked as test events in payload
  • Webhook Format Detection
    • Slack: Formatted with Block Kit
    • Google Chat: Formatted for Chat API
    • Generic: Standard JSON payload
    • Auto-detects based on URL
    • Optimized messages per platform

Webhook Configuration

Supported Platforms

Slack Webhooks

  • URL Format: https://hooks.slack.com/services/...
  • Payload Format: Slack Block Kit
  • Features:
    • Rich formatted messages
    • Markdown support
    • Clickable extension links
    • Emoji indicators per event type
    • Section blocks for organization
    • Footer with metadata
  • Message Structure:
    • Header: “Secure Annex Alert”
    • Main text with extension link
    • Event details in formatted blocks
    • Footer: date, organization, destination, edit link, test badge

Google Chat Webhooks

  • URL Format: https://chat.googleapis.com/v1/spaces/...
  • Payload Format: Google Chat API
  • Features:
    • Simple text format
    • Extension links
    • Event type indicators
    • Multi-line formatting
  • Message Structure:
    • Emoji + Event type + Extension name/link
    • Event details
    • Footer: organization, destination, test indicator

Generic Webhooks

  • URL Format: Any HTTPS endpoint
  • Payload Format: Standard JSON
  • Features:
    • Complete event data
    • Structured JSON schema
    • Schema versioning
    • Metadata included

Webhook Payload Schema

Standard payload structure for generic webhooks:
{
  "schema": 1,
  "event_type": "version|ownership|verdict|visibility|manifest",
  "timestamp": "2024-01-15T10:30:00Z",
  "event_data": {
    // Event-specific fields
  },
  "metadata": {
    "rule": 123,
    "organization": "Organization Name",
    "destination": "Destination Name",
    "test": false
  }
}

Event Payload Examples

Version Event

{
  "event_type": "version",
  "event_data": {
    "extension_id": "abc123",
    "extension_name": "My Extension",
    "version": "1.2.3",
    "updated_date": "2024-01-15"
  }
}

Ownership Event

{
  "event_type": "ownership",
  "event_data": {
    "extension_id": "abc123",
    "extension_name": "My Extension",
    "new": "alice@example.com",
    "previous": "bob@example.com",
    "date": "2024-01-15T10:30:00Z",
    "version": "1.2.3"
  }
}

Verdict Event

{
  "event_type": "verdict",
  "event_data": {
    "extension_id": "abc123",
    "extension_name": "My Extension",
    "verdict": "malicious",
    "reviewed": true,
    "references": [],
    "date": "2024-01-15T10:30:00Z",
    "always": false,
    "version": "1.2.3"
  }
}

Visibility Event

{
  "event_type": "visibility",
  "event_data": {
    "extension_id": "abc123",
    "extension_name": "My Extension",
    "version": "1.2.3",
    "date": "2024-01-15T10:30:00Z",
    "visibility": "public",
    "active": false
  }
}

Manifest Event

{
  "event_type": "manifest",
  "event_data": {
    "extension_id": "abc123",
    "version": "1.2.3",
    "previous_version": "1.2.2",
    "permissions": {
      "added": ["storage"],
      "removed": []
    },
    "host_permissions": {
      "added": ["https://*.example.com/*"],
      "removed": []
    },
    "diff": "+ storage\n+ https://*.example.com/*"
  }
}
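
A receiver-side check for the generic payload described above, added here as an example (not Secure Annex code): it validates the schema version and event type, keeps test events out of alerting, and routes the rest. The names triage and sample_body, the action labels and the routing policy are assumptions of this example; the sample bodies are constructed from the documented fields.

```python
import json

KNOWN_EVENTS = {"version", "ownership", "verdict", "visibility", "manifest"}
SUPPORTED_SCHEMA = 1  # "schema" value shown in the payload structure above

def triage(raw_body):
    """Validate one generic-webhook body and return (action, reason)."""
    try:
        msg = json.loads(raw_body)
    except (TypeError, ValueError):
        return ("reject", "body is not valid JSON")
    if not isinstance(msg, dict):
        return ("reject", "top-level value is not an object")
    if type(msg.get("schema")) is not int or msg["schema"] != SUPPORTED_SCHEMA:
        return ("reject", "unsupported schema version")
    etype, data = msg.get("event_type"), msg.get("event_data")
    if not isinstance(etype, str) or etype not in KNOWN_EVENTS:
        return ("reject", "unknown event_type")
    if not isinstance(data, dict):
        return ("reject", "event_data is not an object")
    meta = msg.get("metadata")
    # Test-button deliveries carry metadata.test = true; keep them out of paging.
    if isinstance(meta, dict) and meta.get("test") is True:
        return ("log", "test event")
    # Routing policy below is an assumption of this example, not product behaviour.
    if etype == "verdict" and data.get("verdict") == "malicious":
        return ("page", "extension %s marked malicious" % data.get("extension_id"))
    if etype == "manifest":
        added = []
        for key in ("permissions", "host_permissions"):
            block = data.get(key)
            if isinstance(block, dict) and isinstance(block.get("added"), list):
                added += [str(p) for p in block["added"]]
        if added:
            return ("review", "new permissions: " + ", ".join(added))
    if etype == "ownership":
        return ("review", "owner changed")
    return ("log", etype + " event")

# Constructed sample bodies, built from the field names documented above.
def sample_body(event_type, event_data, test=False, schema=1):
    meta = {"rule": 123, "organization": "Organization Name",
            "destination": "Destination Name", "test": test}
    return json.dumps({"schema": schema, "event_type": event_type,
                       "timestamp": "2024-01-15T10:30:00Z",
                       "event_data": event_data, "metadata": meta})

MANIFEST = sample_body("manifest", {"extension_id": "abc123", "version": "1.2.3",
    "permissions": {"added": ["storage"], "removed": []},
    "host_permissions": {"added": ["https://*.example.com/*"], "removed": []}})
MALICIOUS = sample_body("verdict", {"extension_id": "abc123", "verdict": "malicious"})
```
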