The Alert Webhook API sends a summary of alert information to the user's selected URL in JSON format.
- There is a 10-second delay between alert generation and alert reception at the user's webhook endpoint.
- The alert displayed in the App Infrastructure Protection (AIP) Cloud Security Platform (CSP) contains additional data not included in the webhook.
The alert JSON contains the following attribute-value pairs:
| Attribute | Type | Description | Required/Optional |
|---|---|---|---|
| created_at | string | Time, in milliseconds UTC, at which the alert occurred | required |
| id | string | A unique alert ID. This value can be used with the AIP REST API to retrieve additional alert information. | required |
| organization_id | string | The unique ID of the organization on which the alert generates. If a user belongs to multiple organizations, then this information quickly pinpoints the correct organization. | required |
| severity | integer | Represents the format of the alert. Allowed values: 1, 2, or 3 | |
| server_or_region | string | Host alerts: the server name / CloudTrail alerts: the region name | required |
| source | string | The source of the alert. Allowed values: Host, CloudTrail | |
| title | string | The title of the alert as displayed in the AIP CSP | required |
| organization_name | string | The unique name of the organization on which the alert generates. If a user belongs to multiple organizations, then this information quickly pinpoints the correct organization. | optional |
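
A receiving endpoint should check each incoming body against the attribute table before passing it to other tooling. The following is an added example, not code from the AIP documentation; `parse_alert`, `MAX_BODY`, the sample values, and the reading of `created_at` as epoch milliseconds in a digit string are assumptions.

```python
import json
from datetime import datetime, timezone

# Types come from the attribute table; these five fields are marked required.
REQUIRED = {"created_at": str, "id": str, "organization_id": str,
            "server_or_region": str, "title": str}
# organization_name is optional. The table gives no required/optional flag for
# severity and source, so (assumption) they are checked only when present.
OPTIONAL = {"organization_name": str, "severity": int, "source": str}
ALLOWED = {"severity": {1, 2, 3}, "source": {"Host", "CloudTrail"}}
FIELDS = {**REQUIRED, **OPTIONAL}
MAX_BODY = 64 * 1024  # assumed size limit, not from the page


def parse_alert(body: bytes) -> dict:
    """Validate a webhook body against the table; raise ValueError on mismatch."""
    if len(body) > MAX_BODY:
        raise ValueError("body too large")
    try:
        alert = json.loads(body)
    except (ValueError, RecursionError) as exc:  # bad JSON, bad UTF-8, deep nesting
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(alert, dict):
        raise ValueError("alert must be a JSON object")
    for name, typ in FIELDS.items():
        if name not in alert:
            if name in REQUIRED:
                raise ValueError(f"missing required field: {name}")
            continue
        value = alert[name]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, typ):
            raise ValueError(f"{name}: expected {typ.__name__}")
        if name in ALLOWED and value not in ALLOWED[name]:
            raise ValueError(f"{name}: value not allowed: {value!r}")
    try:  # assumption: created_at is epoch milliseconds sent as a digit string
        when = datetime.fromtimestamp(int(alert["created_at"]) / 1000, tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        raise ValueError("created_at: not a millisecond timestamp") from None
    # Keep only documented fields so unknown keys never reach downstream tooling.
    clean = {k: alert[k] for k in FIELDS if k in alert}
    clean["created_at_utc"] = when
    return clean


# Constructed sample payload; every value here is made up for illustration.
SAMPLE = json.dumps({
    "created_at": "1700000000000", "id": "example-alert-id",
    "organization_id": "example-org-id", "severity": 1,
    "server_or_region": "us-east-1", "source": "CloudTrail",
    "title": "Example alert title", "unexpected": "dropped"}).encode()
```
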