Skip to main content
Every webhook delivery shares a common envelope. The data field contains the event-specific payload. This page lists all event types you can subscribe to when registering a webhook.

Common envelope

{
  "event": "drift.detected",
  "timestamp": "2024-01-15T14:30:00Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_xyz789",
  "data": { }
}
Use the delivery_id to deduplicate events — InfraAudit delivers with at-least-once semantics and may send the same event more than once.

drift.detected

Fired when a new drift finding is detected. 
{
  "event": "drift.detected",
  "timestamp": "2024-01-15T14:30:00Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_xyz789",
  "data": {
    "drift_id": 55,
    "drift_type": "security",
    "severity": "critical",
    "resource_id": 5,
    "resource_name": "data-lake-bucket",
    "resource_type": "s3_bucket",
    "provider_id": 1,
    "summary": "BlockPublicAcls changed from true to false",
    "detected_at": "2024-01-15T14:30:00Z"
  }
}

drift.resolved

Fired when a drift finding is marked as resolved. 
{
  "event": "drift.resolved",
  "timestamp": "2024-01-15T15:00:00Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_abc001",
  "data": {
    "drift_id": 55,
    "resolved_by": 1,
    "resolved_at": "2024-01-15T15:00:00Z"
  }
}

alert.created

Fired when a new alert is created, whether automatically by InfraAudit or manually via the API. 
{
  "event": "alert.created",
  "timestamp": "2024-01-15T14:31:00Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_abc002",
  "data": {
    "alert_id": 12,
    "title": "S3 bucket made public",
    "type": "security",
    "severity": "critical",
    "resource_id": 5,
    "resource_name": "data-lake-bucket",
    "created_at": "2024-01-15T14:31:00Z"
  }
}

vulnerability.found

Fired when a new CVE finding is detected during a vulnerability scan. 
{
  "event": "vulnerability.found",
  "timestamp": "2024-01-15T02:00:00Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_abc003",
  "data": {
    "vulnerability_id": 8,
    "cve_id": "CVE-2024-12345",
    "severity": "critical",
    "cvss_score": 9.8,
    "package_name": "openssl",
    "fix_version": "1.1.1u",
    "resource_id": 42,
    "resource_name": "api-pod"
  }
}

compliance.violation

Fired when a compliance control fails during an assessment. 
{
  "event": "compliance.violation",
  "timestamp": "2024-01-15T04:00:00Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_abc004",
  "data": {
    "assessment_id": 3,
    "framework_id": "cis-aws",
    "control_id": "cis-aws-2.1.1",
    "control_title": "Ensure S3 encryption-at-rest",
    "severity": "high",
    "failed_resources": [
      { "resource_id": 5, "resource_name": "data-lake-bucket" }
    ]
  }
}

cost.anomaly

Fired when a daily cost spike exceeds the expected range for a provider. 
{
  "event": "cost.anomaly",
  "timestamp": "2024-01-15T03:30:00Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_abc005",
  "data": {
    "anomaly_id": 2,
    "provider_id": 1,
    "date": "2024-01-14",
    "actual_amount": 452.30,
    "expected_amount": 290.00,
    "deviation_percent": 56.0,
    "currency": "USD"
  }
}

job.completed

Fired when a scheduled job finishes, whether it succeeded or failed. 
{
  "event": "job.completed",
  "timestamp": "2024-01-15T08:03:42Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_abc006",
  "data": {
    "job_id": 1,
    "job_type": "drift_detection",
    "execution_id": 88,
    "status": "succeeded",
    "duration_ms": 222000,
    "findings_count": 3
  }
}

remediation.completed

Fired when a remediation action finishes executing. 
{
  "event": "remediation.completed",
  "timestamp": "2024-01-15T15:01:00Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_abc007",
  "data": {
    "remediation_id": 1,
    "status": "completed",
    "resource_id": 5,
    "resource_name": "data-lake-bucket",
    "executed_by": 1,
    "executed_at": "2024-01-15T15:00:00Z"
  }
}

ping

Sent when you register a new webhook or trigger a test delivery from the API or UI. Use it to verify your endpoint is reachable and signature verification is working. 
{
  "event": "ping",
  "timestamp": "2024-01-15T10:00:00Z",
  "webhook_id": "wh_abc123",
  "delivery_id": "del_abc008",
  "data": {
    "webhook_id": "wh_abc123",
    "message": "Webhook endpoint verified"
  }
}