Kondukto Webhook Integration: Capturing Audit Log Events

Introduction

Kondukto provides webhook support to notify external systems about important events occurring on the platform. With this feature, you can transmit audit log records created in Kondukto to your own applications or third-party services in real-time.

In this article, we will examine the webhook setup, HTTP header configuration, and audit log event capturing process in Kondukto step by step.

What is a Webhook?

A webhook is a mechanism that automatically sends an HTTP POST request to another URL when a specific event occurs in an application. Kondukto webhooks send data in JSON format to your specified endpoint when an audit log record is created on the platform.

Step 1: Accessing the Webhook Page

First, you need to navigate to the webhook management page in the Kondukto interface:

1. Expand the Automation section from the left menu
2. Click on the Integrations option
3. Select the Webhooks tab from the submenu that appears

Image 1 visually demonstrates these steps. The location of "Integrations" and "Webhooks" tabs in the left menu is clearly marked.

On the webhook page, you can view your existing webhooks and add new ones. At the top of the page, there is a green informational message: "You can use webhooks to notify your apps or web applications when certain events occur in Invicti."

To create a new webhook, click the Add New Webhook button in the upper right corner (marked with a red rectangle in the image).

Step 2: Webhook Configuration - Basic Information

When you click the "Add New Webhook" button, a modal window opens. Image 2 shows the initial state of this modal window.

This window contains fields where you need to configure your webhook:

Webhook Name

Give your webhook a descriptive name. In the image, the example "WebhookTest" is used. This name will be used to manage and distinguish the webhook later.

Webhook URL

Enter the target URL where Kondukto will send events. This can be an endpoint on your own server or a URL from testing tools like webhook.site.

In Image 2, you can see the URL field partially filled:

https://webhook.site/0e6ad55a-...

HTTP Headers

You can add custom HTTP headers to webhook requests. In Image 2, we see the headers not yet added (Key and Value fields are empty).

Events

In Image 2, we see that the "Audit Log Creation" event is selected. This determines when the webhook will be triggered.

Mode

In Image 2, the toggle switch shows that "Secure" mode is active.

Step 3: Adding HTTP Headers

Image 3 demonstrates how to add HTTP headers.

To add headers:

• Enter the header name in the Key field. In the image, "Test" is used as an example.
• Enter the header value in the Value field. In the image, "Webhook" is used as an example.
• Use the + button to add multiple headers
• Use the - button to remove a header

After filling in all fields, click the Create button at the bottom of the modal window to save the webhook.

Step 4: Viewing the Webhook List

After the webhook is successfully created, it is displayed in a table on the main webhook page, as shown in Image 4.

The table contains the following information:

• Name: Webhook name (WebhookTest)
• URL: Webhook endpoint URL ( https://webhook.site/0e6ad55a-xxxx-xxx-xxxx-xxxxxxxxxxx )
• Actions: Operations you can perform on the webhook
  • Copy
  • Edit
  • Delete

Step 5: Examining Webhook Details - Initial State

Image 5 shows the initial state of the webhook detail page.

On this page:

• The webhook name and URL are displayed at the top
• There is a table listing events (Event ID, Event Category, Date columns)
• Initially, a "No Data" message appears because no events have been triggered yet

Step 6: First Webhook Event

In Image 6 (webhook-6.png), you can see the first webhook event being added to the list.

The list displays the following information:

• Event ID: evt_96e428f2-b3f8-4247-8e3b-e2a3f563bd05 (shown with a + sign at the beginning)
• Event Category: Audit Log Creation
• Date: 12 Nov 2025 15:12
• Successful events are shown with a green checkmark (✓)

Step 7: Webhook Event Details - Request

Image 7 shows the detail page that appears when you click on an event.

At the top of the page is an event summary, followed by two tabs:

• Request (currently selected tab)
• Response 200 (with successful response code)

Request Tab

The Headers section shows the HTTP headers sent:

Request URL: https://webhook.site/0e6ad...
Request Method: POST
Content-Type: application/json
Test: Webhook
User-Agent: Kondukto-Webhook/1.0
X-KONDUKTO-ORG-ID: 646...

The Payload section displays the JSON data sent:

{
  "data": {
    "actor": {
      "ip": "94.xxx.xxx.xxx",
      "user_agent": "Mozilla/5.0 (KHTML, like Gecko) Chrome/...",
      "username": "koray"
    },
    "date": "2025-11-12T12:12:48.626967855Z",
    "description": "User is logged in id=[67...], name=[koray...]",
    "event_category": "user",
    "event_name": "login"
  },
  "event_category": "audit_log_creation",
  "event_id": "evt_96e428f2-...",
  "occurred_at": "2025-11-12T12:48Z",
  "organization_id": "646..."
}

In the upper right corner, the message "Completed in 0.18 seconds" shows how long the request took to complete.

Step 8: Webhook Event Details - Response

Image 8 shows the information displayed when switching to the Response tab.

The Response tab displays the response returned by your webhook endpoint:

Response Headers

The Headers section shows response headers:

Cache-Control: no-cache, private
Content-Type: text/html; charset=UTF-8
Date: Wed, 12 Nov 2025 12:12:48 GMT
Server: nginx
X-Request-Id: 02ed97a...
X-Token-Id: 0e6a...

Response Body

The Body section displays the content returned by the webhook endpoint. In the image, you can see webhook.site's default message: "This URL has no default content configured. Change response in Webhook.site."

Step 9: Testing with Webhook.site

Image 9 shows the webhook.site interface in detail.

On webhook.site:

Left Panel (INBOX)

List of incoming requests:

• For each request, the HTTP method (POST, GET, etc.), request ID, and timestamp are displayed
• In the image, three different requests are listed (POST #02ed9..., GET #7d035..., GET #cebc4...)
• The selected POST request is highlighted with a red rectangle

Right Panel

Details of the selected request:

• Request Details & Headers tab is open
• Host, Location, Date, Size, Time, and ID information are liste
• Query strings and Form values sections (empty)

Additional information on the right:

• accept-encoding: gzip
• x-kondukto-org-id: 646...
• test: webhook
• content-type: application/json
• user-agent: Kondukto-Webhook/1.0
• host: webhook.site

Request Content Section

At the bottom of the screen:

• Format JSON and Word-Wrap options are checked
• Raw JSON data is displayed (same content as the payload sent by Kondukto)

This way, you can examine the data sent by Kondukto in real-time and verify that your webhook integration is working correctly.

Webhook Payload Structure

The webhook payload sent by Kondukto has the following main structure:

json
{
  "data": {
    "actor": {
      "ip": "IP address",
      "user_agent": "Browser information",
      "username": "Username"
    },
    "date": "ISO 8601 date format",
    "description": "Event description",
    "event_category": "Event category",
    "event_name": "Event name"
  },
  "event_category": "audit_log_creation",
  "event_id": "Unique event ID",
  "occurred_at": "Event time",
  "organization_id": "Organization ID"
}

Security Recommendations

{
  "type": "warning",
  "title": "Security Best Practices",
  "body": "Follow these recommendations to ensure secure webhook implementation"
}

1. Use HTTPS: Your webhook URL must use the HTTPS protocol
2. Header Validation: Use custom headers to validate incoming requests (as shown in Image 3)
3. IP Restriction: If possible, only accept requests from Kondukto IP addresses
4. Secure Mode: Enable "Secure" mode when creating the webhook (as shown in Images 2 and 3)
5. Error Handling: Implement proper error handling in your webhook endpoint