Skip to main content
Integrations is in preview and not accessible to all users. Get in touch to learn more.
The Integrations feature allows you to configure data sources that automatically send extension information to Secure Annex for monitoring. Create webhook endpoints that accept extension data from security tools like Secure Annex extensions, LimaCharlie, Fleet, or your own custom scripts. Annex automatically watches submitted extensions and can prevent malicious extensions from running.

Features

Add Integration

Create new data source configurations:
  • Add Integration
    • Name - Friendly identifier for the integration
    • Format - Data format the webhook will receive
      • Text - Will parse a body of newline delimited extensions
      • JSON - Custom JSON structure with a path
      • LimaCharlie - Pre-configured for LimaCharlie EDR
      • Fleet - Pre-configured for Fleet device management
      • Secure Annex code - Pre-configured for VS Code export format
      • Secure Annex browser - Pre-configured for browser extension export format
    • Platform - Extension platform (Chrome, Edge, Firefox, VS Code, Open VSX)
      • Auto-set for code format (VS Code + Open VSX)
      • Auto-set for browser format (Chrome + Edge)
    • Destination - Where to send watch notifications
      • Select from configured destinations
      • Defaults to Events page if not set
    • Integration ID - Custom URL-friendly identifier
      • Used in webhook endpoint URL
      • Must be unique
    • JSON Path - Field path to extract extension IDs (for JSON formats)
      • Auto-populated for prebuilt integrations
      • Uses JSONPath syntax (e.g., $.extensions[*].extension_id)
      • Supports array notation with [*]

Supported Formats

Text Format

Plain text with one extension ID per line. Example: 
ailcmbgekjpnablpdkmaaccecekgdhlh
hapodjooffnnjbbagjmeoojhmpeaogmk

JSON Format

Custom JSON structure with configurable path. Example with path $.extensions[*].id: 
{
  "extensions": [
    {"id": "ailcmbgekjpnablpdkmaaccecekgdhlh", "name": "Example"},
    {"id": "hapodjooffnnjbbagjmeoojhmpeaogmk", "name": "Another"}
  ]
}

How Integrations Work

  1. Create Integration - Configure data format and destination
  2. Receive Webhook URL - Unique endpoint for your organization
  3. Send Data - POST extension IDs to the webhook
  4. Automatic Watching - Extensions are added to Watch automatically
  5. Verdict Checking - Secure Annex checks for malicious/suspicious verdicts
  6. Response Actions - Responses can be used to perform actions like disabling or uninstalling extensions

Webhook Response

When you POST extension data to your integration webhook, Secure Annex returns a JSON response with processing results: 
{
  "organization_id": "organization",
  "integration_id": "my-chrome-integration",
  "processed": 3,
  "added": 1,
  "result": [
    {
      "extension_id": "aeblfdkhhhdcdjpifhhbdiojplfjncoa",
      "status": "present",
      "action": "disable"
    },
    {
      "extension_id": "cjpalhdlnbpafiamejdnhcphjbkeiagm",
      "status": "added",
      "action": "none"
    },
    {
      "extension_id": "ghbmnnjooekpmoecnnnilnnbdlolhkhi",
      "status": "present",
      "action": "none"
    }
  ]
}
I