Webhooks
Receive instant notifications when security events occur in CastellanAI.
What Are Webhooks?
Webhooks send automatic notifications to your systems when important events happen. Instead of constantly checking for updates, CastellanAI pushes alerts directly to your:
- Ticketing systems (ServiceNow, Jira, Zendesk)
- Communication platforms (Slack, Microsoft Teams)
- Automation tools (Zapier, Power Automate, custom scripts)
- SIEM platforms (Splunk, Elastic, QRadar)
For Slack and Microsoft Teams, we recommend using our built-in integrations instead of webhooks. See Slack Integration and Teams Integration.
Setting Up Webhooks
Step 1: Get Your Webhook URL
First, get the webhook URL from your receiving system:
- Slack: Create an Incoming Webhook in your Slack workspace
- ServiceNow: Configure an inbound web service
- Jira: Set up a webhook listener or use Jira Automation
- Custom system: Provide an HTTPS endpoint that can receive POST requests
Step 2: Create the Webhook in CastellanAI
- Go to Settings → Webhooks
- Click + Add Webhook
- Configure the webhook:
| Field | Description |
|---|---|
| Name | A descriptive name (e.g., "Critical Alerts to ServiceNow") |
| URL | The webhook URL from your receiving system |
| Events | Which events should trigger this webhook |
Step 3: Select Events
Choose which events should trigger notifications:
| Event Type | When It Fires |
|---|---|
| Critical Security Event | A critical severity threat is detected |
| High Security Event | A high severity threat is detected |
| Agent Offline | An agent stops reporting |
| Agent Online | An agent comes back online |
| Alert Triggered | A custom alert rule matches |
Step 4: Test and Save
- Click Test Webhook to send a test notification
- Verify the notification was received by your system
- Click Save to activate the webhook
Managing Webhooks
View Webhook Status
Go to Settings → Webhooks to see all configured webhooks:
- Active: Webhook is working normally
- Warning: Recent delivery failures (will retry automatically)
- Disabled: Webhook has been disabled due to repeated failures
Edit a Webhook
- Click on the webhook name
- Make your changes
- Click Save
Disable or Delete
- Disable: Temporarily stop notifications without losing configuration
- Delete: Permanently remove the webhook
Delivery and Retries
CastellanAI ensures reliable webhook delivery:
- Webhooks are delivered within seconds of an event occurring
- If delivery fails, we retry automatically (up to 5 attempts)
- After 5 failures, the webhook is automatically disabled
- You'll receive an email notification if a webhook is disabled
To re-enable a disabled webhook:
- Fix the issue with your receiving endpoint
- Go to Settings → Webhooks
- Click Enable on the disabled webhook
- Click Test to verify it's working
Best Practices
- Use HTTPS: For security, only HTTPS URLs are accepted
- Monitor delivery: Check webhook status regularly in Settings
- Set up backup notifications: Use email alerts as a backup for critical events
- Test after changes: Always test webhooks after modifying your receiving system
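For a custom endpoint, the sketch below acknowledges each POST immediately and defers processing to a queue, so responses stay well under 10 seconds and a retried delivery is not processed twice. It is an added example, not CastellanAI code. The secret URL path, the size limit, the names `handle_delivery`, `Receiver`, `pending` and `seen`, and the idea that a retry resends identical bytes are all assumptions.

```python
import hashlib
import hmac
import queue
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: this page documents no request signature, so the unguessable
# path in the registered URL is the only authenticator (placeholder value).
SECRET_PATH = "/hooks/REPLACE-WITH-RANDOM-TOKEN"
MAX_BODY = 64 * 1024     # constructed limit for this example
pending = queue.Queue()  # drained by a separate worker process or thread
seen = set()             # body digests already accepted; expire these in production


def handle_delivery(path, body):
    """Decide the HTTP status for one POST without doing slow work inline."""
    if not hmac.compare_digest(path.encode(), SECRET_PATH.encode()):
        return 404
    if len(body) > MAX_BODY:
        return 413
    # Assumption: a retry resends identical bytes and distinct events differ.
    digest = hashlib.sha256(body).hexdigest()
    if digest not in seen:
        seen.add(digest)
        pending.put(body)  # body stays opaque; the payload format is not documented here
    return 200  # ack at once to stay well under the 10-second guidance


class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            length = -1
        if length < 0:
            status = 411
        elif length > MAX_BODY:
            status = 413
        else:
            status = handle_delivery(self.path, self.rfile.read(length))
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Listen on loopback; a TLS-terminating reverse proxy provides the HTTPS URL.
    HTTPServer(("127.0.0.1", 8080), Receiver).serve_forever()
```

Register the full HTTPS URL including the secret path in Settings → Webhooks, and rotate the path if it ever appears in logs or tickets.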
Troubleshooting
Webhook Not Receiving Events
- Check the webhook status in Settings → Webhooks
- Verify your endpoint URL is correct and accessible
- Ensure your firewall allows connections from CastellanAI
- Click Test to send a test notification
Events Delayed
- Check your system's processing queue
- Verify your endpoint responds quickly (under 10 seconds)
- Review your event filters—you may have too many events selected
Webhook Disabled
Your webhook was disabled after repeated failures. To fix:
- Check that your endpoint is working
- Review any error messages shown in the webhook status
- Click Enable and then Test
Need help? Contact support@castellanai.com with your webhook configuration details.