InsightConnect Webhooks Update -- No Authentication Needed!

Hi everyone, we’re very excited to announ-- oh, sorry, what’s that Spider-Man?


Yes, that’s what this post is all about!

With our latest update to the API Trigger in InsightConnect, incoming webhook events no longer need an authentication mechanism! This update makes it possible for countless external apps and services to trigger InsightConnect workflows using the authentication-less API trigger!

Now, would you like to help explain what a webhook is and how we use it, Spider-Man?


I’ll take that as a yes.

Webhooks, sometimes known as reverse APIs or callbacks, are automated messages sent from an app or service to a designated URL when a specific event occurs. Webhooks help update data and post notifications asynchronously, keeping separate systems up to date and aware of changes without the need for constant polling messages.

Without webhooks, appOne would have to regularly ask for data from appTwo. In many cases, this isn’t very efficient because appOne will ask for new data from appTwo much more frequently than appTwo has new data.

This also creates the possibility of two apps requesting data from each other, polling at regular intervals, waiting for something new.


This polling approach was like actually going to the physical post office to check your PO box, without knowing whether or not there was a package there for you. If you get a few packages a week but go to the post office every day, you’re likely wasting time and money on the trip. But you want to pick up your package as soon as you can, so you keep checking your PO box every day!

Webhooks eliminate the need to check for updates. Instead of visiting your PO box every day, you get a message informing you that you have a package so you can go pick it up. In the cyber realm, an app can send a webhook to a predefined URL, eliminating the need for appOne to poll for updates from appTwo. AppTwo simply posts an update message to appOne instead.

In InsightConnect, the API Trigger automatically creates a custom URL where webhook events can be delivered to trigger a workflow…


…when a webhook event is delivered, the trigger captures the attached payload and kicks off a job…


…and then, your workflow runs its course!


These days, most apps and services are capable of sending webhook events for all sorts of things – newly created accounts, submitted forms, changed tickets, delivered mail, and much more. For example, InsightVM recently released an experimental webhook feature that can be used to trigger InsightConnect workflows when assets and vulnerabilities are newly discovered or removed.

A few common webhook sources we’ve heard from our customer base include:

Feel free to comment with additional use cases or technologies that support webhooks to keep the ideas flowing! And remember kids…


To learn more about the API Trigger and how to set up webhook events, check out our API Trigger Help Docs!