Hooks

Our platform also lets you configure alerts for your resources so that you receive updates in real time.

This guide explains how to set up and use HTTP hooks to receive alerts on your own endpoint and integrate them into your own system.

Alerting is available for pro users only. See our various plans to get access.

Configure the hook

To configure a hook, go to your alert channels menu and select “Hooks”. You will then be taken to a page where you can configure the hook.

Receiving Alerts through Hooks

Once you have configured the hook, you will be able to receive alerts on your own endpoint. Every alert dispatched will be sent as a POST request containing an l9event JSON document.

You can also specify the severity of the alerts you receive in real time.

Example hook

    POST /alert-endpoint HTTP/1.1
    Host: youhost.com
    Content-Type: application/json

    {
      "event_type": "leak",
      "event_source": "DotEnvConfigPlugin",
      "event_pipeline": [
        "ip4scout",
        "l9tcpid",
        "l9explore",
        "DotEnvConfigPlugin"
      ],
      "event_fingerprint": "ab2848eed8451d0ea0d48a691126d1aeab2848eed8451d0ea0d48a691126d1ae",
      "ip": "127.0.0.1",
      "host": "site1.example.com",
      "reverse": "ptr1.example.com",
      "port": "8080",
      "mac": "",
      "vendor": "",
      "transport": [
        "tcp",
        "tls",
        "http"
      ],
      "protocol": "https",
      "http": {
        "root": "/site1",
        "url": "/site1/.env",
        "status": 200,
        "length": 12423,
        "header": {
          "Content-Type": "application/text",
          "Server": "Apache"
        },
        "title": "Apache welcome page",
        "favicon_hash": "e7bc546316d2d0ec13a2d3117b13468f5e939f95"
      },
      "summary": "GET /... qwerqwer",
      "time": "0001-01-01T00:00:00Z",
      "ssl": {
        "detected": true,
        "enabled": true,
        "jarm": "29d29d00029d29d21c41d41d00041dba71dd2df645850cf5f0b5af18a5fdcf",
        "cypher_suite": "TLS_AES_128_GCM_SHA256",
        "version": "TLSv1.3",
        "certificate": {
          "cn": "example.com",
          "domain": [
            "site.example.com",
            "admin.example.com"
          ],
          "fingerprint": "e998e371dd4678c9113e196bc5e4a5e901455750c6dbc9985c84403b91055260",
          "key_algo": "RSA",
          "key_size": 2048,
          "issuer_name": "Rapid SSL",
          "not_before": "0001-01-01T00:00:00Z",
          "not_after": "0001-01-01T00:00:00Z",
          "valid": false
        }
      },
      "ssh": {
        "fingerprint": "",
        "version": 0,
        "banner": "",
        "motd": ""
      },
      "service": {
        "credentials": {
          "noauth": true,
          "username": "",
          "password": "",
          "key": "",
          "raw": "SSBhbSBhIGtleQo="
        },
        "software": {
          "name": "Apache",
          "version": "2.2.4",
          "os": "Ubuntu",
          "modules": [
            {
              "name": "PHP",
              "version": "4.4.2",
              "fingerprint": "php-4-4-2"
            }
          ],
          "fingerprint": "apache-2-2-4"
        }
      },
      "leak": {
        "stage": "open",
        "type": "configuration",
        "severity": "medium",
        "dataset": {
          "rows": 4,
          "files": 1,
          "size": 13223,
          "collections": 1,
          "infected": false,
          "ransom_notes": [
            "Do this",
            "Don't do that",
            "We love GDPR"
          ]
        }
      },
      "tags": [
        "plc"
      ],
      "geoip": {
        "continent_name": "",
        "region_iso_code": "",
        "city_name": "",
        "country_iso_code": "",
        "country_name": "",
        "region_name": "",
        "location": {
          "lat": 0,
          "lon": 0
        }
      },
      "network": {
        "organization_name": "",
        "asn": 0,
        "network": ""
      }
    }
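
The processing step a receiving endpoint could run on each POST body, shown as an added example that is not part of the platform's own code: it drops repeat deliveries by `event_fingerprint`, applies a severity threshold, and builds a ticket that leaves out `summary` and `service.credentials`, which can carry the leaked secret itself. The severity scale, the `triage` function and the ticket field names are assumptions; the page only shows the value `medium`.

```python
import json

# Assumed severity scale: the page only shows "medium".
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
SEEN = set()  # event_fingerprint values already handled

# Constructed sample: a trimmed copy of the example event on this page.
SAMPLE = json.dumps({
    "event_source": "DotEnvConfigPlugin", "protocol": "https",
    "event_fingerprint": "ab2848eed8451d0ea0d48a691126d1aeab2848eed8451d0ea0d48a691126d1ae",
    "host": "site1.example.com", "port": "8080", "http": {"url": "/site1/.env"},
    "summary": "GET /... qwerqwer", "leak": {"severity": "medium"},
    "service": {"credentials": {"noauth": True, "raw": "SSBhbSBhIGtleQo="}},
}).encode()

def triage(body, min_severity="medium", seen=SEEN):
    """Parse one l9event body; return a redacted ticket, or None to drop it."""
    event = json.loads(body)
    if not isinstance(event, dict):
        raise ValueError("l9event must be a JSON object")
    fp = event.get("event_fingerprint") or ""
    sev = (event.get("leak") or {}).get("severity") or ""
    # Unknown labels rank highest so they are kept, not silently dropped.
    if SEVERITY_RANK.get(sev, 99) < SEVERITY_RANK[min_severity]:
        return None
    if not fp or fp in seen:
        return None  # missing fingerprint or repeat delivery of a finding
    seen.add(fp)
    creds = (event.get("service") or {}).get("credentials") or {}
    url = (event.get("http") or {}).get("url") or ""
    # summary and credentials.* can hold the leaked secret itself, so only
    # routing fields and booleans are copied into the ticket.
    return {
        "fingerprint": fp, "source": event.get("event_source"), "severity": sev,
        "target": f"{event.get('protocol')}://{event.get('host')}:{event.get('port')}{url}",
        "noauth": bool(creds.get("noauth")),
        "has_secret": any(creds.get(k) for k in ("username", "password", "key", "raw")),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))  # first delivery: redacted ticket
    print(triage(SAMPLE))  # repeat delivery of the same fingerprint: None
```

Call `triage` from whatever HTTP framework serves the hook URL, passing the raw request body, and answer malformed bodies (`ValueError`) with a 4xx status.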