Nimbusec WSM - Available Data
This page provides an overview of available data fields that can (partly already, partly to be implemented if required) passed on via our custom integrations within Website Security Monitor.
Current Webhook Format
Customer
| id | Identifier to query additional user data |
| customer_id | Identifier to query additional tenant data |
| login | Username |
Domain
| id | Identifier to query additional domain data |
| bundle |
Identifier of the active bundle (package) defining the scan features |
| name |
Domain Name |
| url |
Full URI that is used for scanning |
| responseIP |
IP-Address that was recorded for the last scan. |
Issues (Array)
| id | Identifier to query additional issue data |
| domain | Identifier of the referenced domain |
| regions | List of regions through in which this issue occurred (possible values: EU, US, ASIA) |
| viewports | List of browser formats in which the issue occurred (possible values: mobile, desktop) |
| status | Display Status of the issue (possible values: pending, acknowledged, ignored) |
| event | Short name of the detected issue (e.g. malware, blacklist,...) |
| category | Overarching collection of events (e.g. content, reputation, ...) |
| severity | Numeric representation of the severity of an issue (1 = warning, 2 = alert) |
| firstSeen | Date and time on which the issue was first detected |
| lastSeen | Date and time on which the issue was detected most recently |
| details | See below. Each Issue has one of the following Details objects |
Details
Application Outdated
| name | Display name of the detected application |
| product | Canonical product name of the detected application the the version and vuln DB |
| url | Base URI where the application was detected (if detected by cloud scan) |
| path | Server-Path where the application was detected (if detected by server agent) |
| version | Detected version of the application |
| latestVersion | The latest version or latest stable Branch version (if applicable) |
Application Vulnerable
| name | Display name of the detected application |
| url | Base URI where the application was detected (if detected by cloud scan) |
| path | Server-Path where the application was detected (if detected by server agent) |
| version | Detected version of the application |
| vulnerabilities |
List of detected vulnerabilities - CVE: ID of the vulnerability - Score: CVSS Score of the vulnerability - Description: Description of the vulnerability - Link: URL to further information in the Vulnerability Database |
Blacklist
| blacklist | Name of the blacklist which has the current domain listed. |
| reason | List of reasons (categories) for which the domain has been blacklisted |
| blacklistURL | Link to the Blacklist for further information and de-listing (if applicable) |
Defacement
| url | URI on which the defacement has been detected or was reported |
| threat | Name of the detected threat (most commonly the name of a hacker group or a distinguishing feature of a defacement) |
Suspicious Links
| links | List of Links on the website that are blacklisted |
| blacklists | List of Blacklist entries (see Blacklist above) |
SuspiciousRequest
| entity | Blacklisted URL or Domain |
| urls | List of suspicious URLs that were contacted |
| blacklists | List of Blacklist entries (see Blacklist above) |
Webshell
| path | Server-path to the detected file |
| threat | Short name of the detected threat (webshell, exec, obfuscated,...) |
| owner | System user that owns the file |
| group | System group that owns the file |
| permissions | Linux FS permissions of the file |
| mtime | Modified Timestamp as reportet by stat |
| md5 | Checksum of the detected file |
| feature | If PHP code is detected, this string represents the generalized code patterns that are analyzed |
| av | Short name of the detection system (php, yara, lmd) |
| size | Filesize in bytes |
No Comments