Webhook Catalog
Receive real-time HTTP POST notifications when events occur in Netallion AI Assurance. Configure webhook endpoints in Settings > Webhooks.
Signature Verification
Every webhook request includes an X-Netallion AI Assurance-Signature header containing an HMAC-SHA256 signature of the request body, computed using your webhook secret.
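```python
# Python
import hashlib
import hmac


def verify_webhook(payload: bytes, signature: str, secret: str) -> bool:
    """Verify Netallion AI Assurance webhook signature."""
    # payload must be the raw request body bytes, not re-serialized JSON.
    expected = hmac.new(
        secret.encode(),
        payload,
        hashlib.sha256
    ).hexdigest()
    # Compare as bytes: compare_digest raises TypeError on non-ASCII str input.
    return hmac.compare_digest(f"sha256={expected}".encode(), signature.encode())
```

```typescript
// TypeScript
import { createHmac, timingSafeEqual } from "crypto";

function verifyWebhook(payload: string, signature: string, secret: string): boolean {
  const expected = Buffer.from(
    "sha256=" + createHmac("sha256", secret).update(payload).digest("hex")
  );
  const received = Buffer.from(signature);
  // timingSafeEqual throws a RangeError on buffers of different length, so reject those first.
  if (received.length !== expected.length) return false;
  return timingSafeEqual(expected, received);
}
```

Retry Policy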
If your endpoint returns a non-2xx status code or times out (30s), Netallion AI Assurance retries with exponential backoff:
| Attempt | Delay | Cumulative |
|---|---|---|
| 1st retry | 5 seconds | ~5s after initial |
| 2nd retry | 15 seconds | ~20s after initial |
| 3rd retry (final) | 45 seconds | ~65s after initial |
After 3 failed attempts, the delivery is marked as failed. You can view and manually retry failed deliveries in the dashboard.
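A receiver that ties the signature check to the retry policy, as an added example (not Netallion's code): it authenticates the raw body before parsing, acknowledges a repeat delivery of an already-processed event `id`, and answers non-2xx only when a retry is wanted. The names `handle_delivery`, `process` and `SEEN_IDS`, the specific status codes, and the premise that a retried delivery carries the same `id` are assumptions of this example.

```python
import hashlib
import hmac
import json

# Ids of events already processed. Assumption: in production this is a shared
# store with a TTL (database or cache), not per-process memory.
SEEN_IDS = set()


def verify_webhook(payload: bytes, signature: str, secret: str) -> bool:
    """HMAC-SHA256 over the raw body, in the sha256=<hex> form shown above."""
    expected = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(f"sha256={expected}".encode(), signature.encode())


def handle_delivery(raw_body: bytes, signature, secret: str, process) -> int:
    """Return the HTTP status for one delivery; process is a hypothetical callback."""
    # 1. Authenticate the exact bytes received, before any JSON parsing.
    if not signature or not verify_webhook(raw_body, signature, secret):
        return 401
    # 2. Parse only authenticated input and require the envelope fields.
    try:
        event = json.loads(raw_body)
        event_id, event_type, data = event["id"], event["event"], event["data"]
        if not isinstance(event_id, str):
            raise TypeError("event id must be a string")
    except (ValueError, KeyError, TypeError):
        return 400
    # 3. Repeat delivery of an event already handled: acknowledge, do nothing.
    if event_id in SEEN_IDS:
        return 200
    # 4. Record the id only after success, so a failed attempt answers non-2xx
    #    and the retry schedule above delivers the event again.
    try:
        process(event_type, data)
    except Exception:
        return 500
    SEEN_IDS.add(event_id)
    return 200


if __name__ == "__main__":
    secret = "constructed-secret"  # constructed sample values, not real ones
    body = b'{"event": "scan.completed", "id": "evt_constructed_1", "data": {}}'
    sig = "sha256=" + hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    print(handle_delivery(body, sig, secret, lambda t, d: None))  # first delivery
    print(handle_delivery(body, sig, secret, lambda t, d: None))  # retry of it
```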
Event Types
scan.completed
Fired when a scan finishes processing, whether or not findings were detected.
```json
{
  "event": "scan.completed",
  "id": "evt_01HZ...",
  "timestamp": "2026-04-12T10:30:00Z",
  "data": {
    "scan_id": "scan_01HZ...",
    "workspace_id": "ws_...",
    "status": "completed",
    "findings_count": 3,
    "severity_counts": {
      "critical": 1,
      "high": 2,
      "medium": 0,
      "low": 0
    },
    "duration_ms": 4521,
    "triggered_by": "schedule"
  }
}
```

incident.created
Fired when a new security incident is created from scan findings.
```json
{
  "event": "incident.created",
  "id": "evt_01HZ...",
  "timestamp": "2026-04-12T10:31:00Z",
  "data": {
    "incident_id": "inc_01HZ...",
    "title": "AWS Access Key exposed in application logs",
    "severity": "critical",
    "status": "open",
    "finding_ids": ["f_01HZ..."],
    "assignee": null,
    "workspace_id": "ws_..."
  }
}
```

incident.updated
Fired when an incident's status, severity, or assignee changes.
```json
{
  "event": "incident.updated",
  "id": "evt_01HZ...",
  "timestamp": "2026-04-12T11:00:00Z",
  "data": {
    "incident_id": "inc_01HZ...",
    "changes": {
      "status": { "from": "open", "to": "in_progress" },
      "assignee": { "from": null, "to": "user_01HZ..." }
    },
    "updated_by": "user_01HZ..."
  }
}
```

nhi.rotation_due
Fired when a non-human identity (service account, API key) is approaching or has passed its rotation deadline.
```json
{
  "event": "nhi.rotation_due",
  "id": "evt_01HZ...",
  "timestamp": "2026-04-12T08:00:00Z",
  "data": {
    "nhi_id": "nhi_01HZ...",
    "name": "prod-deploy-service-account",
    "provider": "azure_ad",
    "credential_type": "client_secret",
    "last_rotated": "2025-10-12T00:00:00Z",
    "rotation_policy_days": 90,
    "days_overdue": 93,
    "status": "overdue"
  }
}
```

remediation.completed
Fired when an automated or manual remediation action completes successfully.
```json
{
  "event": "remediation.completed",
  "id": "evt_01HZ...",
  "timestamp": "2026-04-12T11:15:00Z",
  "data": {
    "remediation_id": "rem_01HZ...",
    "incident_id": "inc_01HZ...",
    "action": "rotate_credential",
    "provider": "aws",
    "target": "AKIA...",
    "result": "success",
    "automated": true,
    "duration_ms": 2340
  }
}
```