Webhooks

Get a signed POST on every block and behavioral anomaly. One webhook integrates Kaizen with Slack, PagerDuty, your SIEM, or anything custom.

Add a webhook

In the console, open Settings → Webhooks, add your endpoint URL, and save the signing secret (it is shown once).

Payload

{
  "event": "anomaly",
  "data": {
    "agent": "support-bot",
    "reason": "this agent did a kind of action it has never done (connect), a tool it has never used (export_file)...",
    "action": { "kind": "connect", "tool": "export_file", "target": "45.9.148.108" }
  }
}

Events delivered: verdict.block and anomaly.

Verify the signature

Every request carries X-Kaizen-Signature: sha256=<hex>, an HMAC-SHA256 of the raw request body keyed with your signing secret.

import hmac, hashlib

def verify(body: bytes, signature_header: str, secret: str) -> bool:
    expected = "sha256=" + hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_header)

Coming next

Native OpenTelemetry export, plus Slack, PagerDuty, and Microsoft Sentinel destinations.