Skip to main content

Available Data

This page provides an overview of available data fields that can (partly already, partly to be implemented if required) passed on via our custom integrations within Website Security Monitor.

Current Webhook Format

Customer
idIdentifier to query additional user data
customer_idIdentifier to query additional tenant data
loginUsername
Domain
idIdentifier to query additional domain data
bundle

Identifier of the active bundle (package) defining the scan features

name

Domain Name

url

Full URI that is used for scanning

responseIP

IP-Address that was recorded for the last scan.

Issues (Array)
idIdentifier to query additional issue data
domainIdentifier of the referenced domain
regionsList of regions through in which this issue occurred (possible values: EU, US, ASIA)
viewportsList of browser formats in which the issue occurred (possible values: mobile, desktop)
statusDisplay Status of the issue (possible values: pending, acknowledged, ignored)
eventShort name of the detected issue (e.g. malware, blacklist,...)
categoryOverarching collection of events (e.g. content, reputation, ...)
severityNumeric representation of the severity of an issue (1 = warning, 2 = alert)
firstSeenDate and time on which the issue was first detected
lastSeenDate and time on which the issue was detected most recently
detailsSee below. Each Issue has one of the following Details objects
Details

Application Outdated

nameDisplay name of the detected application
productCanonical product name of the detected application the the version and vuln DB
urlBase URI where the application was detected (if detected by cloud scan)
pathServer-Path where the application was detected (if detected by server agent)
versionDetected version of the application
latestVersionThe latest version or latest stable Branch version (if applicable)

Application Vulnerable

nameDisplay name of the detected application
urlBase URI where the application was detected (if detected by cloud scan)
pathServer-Path where the application was detected (if detected by server agent)
versionDetected version of the application
vulnerabilities

List of detected vulnerabilities

- CVE: ID of the vulnerability

- Score: CVSS Score of the vulnerability

- Description: Description of the vulnerability

- Link: URL to further information in the Vulnerability Database

Blacklist

blacklistName of the blacklist which has the current domain listed.
reasonList of reasons (categories) for which the domain has been blacklisted
blacklistURLLink to the Blacklist for further information and de-listing (if applicable)

Defacement

urlURI on which the defacement has been detected or was reported
threatName of the detected threat (most commonly the name of a hacker group or a distinguishing feature of a defacement)

SuspiciousRequest

entityBlacklisted URL or Domain
urlsList of suspicious URLs that were contacted
blacklistsList of Blacklist entries (see Blacklist above)

Webshell

pathServer-path to the detected file
threatShort name of the detected threat (webshell, exec, obfuscated,...)
ownerSystem user that owns the file
groupSystem group that owns the file
permissionsLinux FS permissions of the file
mtimeModified Timestamp as reportet by stat
md5Checksum of the detected file
featureIf PHP code is detected, this string represents the generalized code patterns that are analyzed
avShort name of the detection system (php, yara, lmd)
sizeFilesize in bytes