What are webhooks?
Webhooks are one way that apps can send automated messages or information to other apps. In our instance, we allow you to connect to an external webhook listener that will be triggered when a recipient fails a simulated phishing event.
The easiest way to think of webhooks is as notifications. At their simplest, they carry a payload of data, usually a single newly created record, which is passed to a third-party listener. Receiving that payload fires the trigger, which in turn causes an event to take place.
For example, you might use a webhook integration from a service such as Zapier to send you a Slack message or send you a notification email when a simulated phishing attachment is opened, a link is clicked, or details entered on one of our landing pages.
Because you receive this information in real-time, this type of automation allows you to react swiftly when dealing with those recipients creating vulnerabilities for your organisation.
How to access Webhook connections in Phishing Tackle
- In the Phishing Tackle platform, in the left-hand column, select Organisation and then Settings.
- Select 'Webhook Connections'.
What data is sent
Data sent from Phishing Tackle to the third party listener consists of the following:
- First Name
- Last Name
- Email Address
- Failure Description (e.g. Email Link Clicked)
- Phishing Campaign Name
- Date/Time Email sent
- Date/Time failure occurred
- Manager Email Address
Connecting to a Webhook listener
Before you can trigger an event in a connected app, you should create a listener on the target platform which then creates a URL and, typically, a unique token for connection and authentication purposes. You will need to refer to the specific documentation of the third-party app for help on this, but to help get you started we have provided a simple example using Zapier.com below.
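If you host the listener yourself rather than using a service such as Zapier, the request handling could look like the following Python sketch. This is an added example, not Phishing Tackle's own code: it checks the unique token in the listener URL, validates the fields listed above, and chooses the notification address. The /hooks/<token> URL shape, the JSON key names and the fallback address are assumptions, as the wire format of the payload is not given in this article.

```python
import hmac
import json

# Assumption: the event is a JSON object with these key names; the article
# lists the fields sent but not their wire format.
REQUIRED = ("first_name", "last_name", "email", "failure_description",
            "campaign_name", "email_sent_at", "failure_at")
MAX_BODY = 8192  # refuse oversized bodies before parsing
SAMPLE_EVENT = {  # constructed sample, not real platform output
    "first_name": "Alex", "last_name": "Doe", "email": "alex.doe@example.org",
    "failure_description": "Email Link Clicked", "campaign_name": "Q1 Test",
    "email_sent_at": "2024-01-15T09:00:00Z", "failure_at": "2024-01-15T09:04:12Z",
    "manager_email": "manager@example.org",
}

def token_ok(path, expected_token):
    """Constant-time check of the secret in a listener URL like /hooks/<token>."""
    supplied = path[len("/hooks/"):] if path.startswith("/hooks/") else ""
    return bool(supplied) and hmac.compare_digest(supplied.encode(), expected_token.encode())

def clean(value):
    """Remove CR/LF so payload values cannot add mail headers downstream."""
    return value.replace("\r", " ").replace("\n", " ")

def handle_webhook(path, body, expected_token, fallback_to="security@example.org"):
    """Return (http_status, result) for one inbound request body (bytes)."""
    if not token_ok(path, expected_token):
        return 404, "not found"  # same answer as for any unknown path
    if len(body) > MAX_BODY:
        return 413, "payload too large"
    try:
        event = json.loads(body)
    except ValueError:
        return 400, "invalid JSON"
    if not isinstance(event, dict):
        return 400, "expected a JSON object"
    missing = [k for k in REQUIRED if not isinstance(event.get(k), str) or not event[k].strip()]
    if missing:
        return 422, "missing fields: " + ", ".join(missing)
    # The manager address is only present when configured for the recipient.
    manager = event.get("manager_email")
    to = manager if isinstance(manager, str) and "@" in manager else fallback_to
    subject = clean("Recipient Phishing Email Failure: " + event["failure_description"])
    text = clean(f"{event['first_name']} {event['last_name']} <{event['email']}> failed "
                 f"campaign '{event['campaign_name']}' at {event['failure_at']}")
    return 200, {"to": clean(to), "subject": subject, "body": text}

if __name__ == "__main__":
    print(handle_webhook("/hooks/constructed-token", json.dumps(SAMPLE_EVENT).encode(), "constructed-token"))
```

The function is independent of any web framework: pass it the request path and raw body from whichever HTTP server you use, served over HTTPS so the token in the URL is not exposed in transit.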
Example using Zapier.com
The following is a simple example of connecting to a Webhook provided by Zapier, which will send an email each time a recipient fails (clicks, opens, etc.) a simulated phishing email sent from Phishing Tackle. We are using a popular third-party integration service called Zapier for this example, but other automation platforms are available, such as Microsoft Flow.
NOTE: Zapier may be beta testing a new Zap creation wizard, which changes the appearance/wording within the following guide. The concepts and functionality remain the same and can still be followed as below.
Prerequisites
Before beginning this example, please ensure you have completed the following:
- Started a test phishing campaign and sent yourself an email with a link, which is still being tracked. This email link will be required to test the connectivity with Zapier.
- Created a (free) account on Zapier.com and have logged in.
Step-by-step
- Create a free account on Zapier and once logged in select the Make a Zap! button.
- On the next screen select Webhooks from the BUILT-IN APPS section on the right.
- Select Catch Hook and then Save + Continue.
- Click the Copy button next to the custom URL value shown in the middle of the page.
This URL should now be entered into the webhook settings in your PhishingTackle.com platform. Open a new browser window and log into PhishingTackle.com.
Select Organisation | Settings from the left side menu and then select Webhook from the inner menu. Paste the copied URL into each field indicated by the orange arrows (or just the events you wish to be notified about) and click Save. Now return to Zapier.com to continue the setup.
- Back in the Zapier.com zap creation process, click the OK, I did this button.
- Click the Continue button as we do not need to filter the incoming data.
- This stage is where we test the connectivity between Phishing Tackle and Zapier. Locate the simulated phishing email you sent to yourself as part of the test campaign as mentioned in the prerequisites, and click any of the links within it. After a few seconds, Zapier should have recorded this click and will now be showing confirmation of data received as Hook A.
- Click the small ^ to the right of Hook A and you should see the details captured in the drop-down that appeared.
- If you do not see any data, or Zapier times out waiting, check that the Zapier webhook URL matches the one stored in PhishingTackle.com. If you do see captured data, then you have successfully connected PhishingTackle.com to Zapier and created your trigger. You can now move on to creating the Action that follows activation of this trigger.
- Click Continue to move to the next screen.
- Click + Add a Step from the next screen.
- Click Action/Search from the next screen.
- Select Email from the next screen.
- Ensure the Send Outbound Email radio button is selected and click Save + Continue and you will be presented with the ability to complete all the information required to send the email notification.
- Enter the To email address for this notification.
- If you wish, for example, to send a notification to the recipient's manager, select the small grey + button to the right which will display Zapier placeholder information it was able to extract from the connectivity with us. From this list, you will be able to select Manager Email Address, if one is configured within our platform for that recipient.
- Enter an email Subject, e.g. Recipient Phishing Email Failure.
- Enter the text you would like to appear within the Body of the notification email.
- As in the earlier step, by clicking the small grey + button, you will be able to populate the email body with placeholders Zapier has extracted from the connectivity with us. You can use these placeholders anywhere in the email body and they will automatically be populated with the correct information when this email notification is sent.
- Enter an optional From Name and Reply To address.
- Select Send Test to Email by Zapier and you should receive a test email sent to the To address you entered.
- Once you have verified the test email has arrived, click Finish to create the Zap.
- Finally, give your Zap a name, e.g. PhishingTackle.com Email Failure, and click the switch currently showing as OFF. Providing no mistakes have been made during the creation, it will turn green and show ON.
Each time one of your recipients fails a simulated phishing event, you will now be notified by email. Zapier (and other automation platforms) allow for very sophisticated automation processes and this is just one simple example of how it can help you.
Further information and an in-depth article by Zapier on the many uses of webhooks can be found here
Should you require any further assistance with this article, or any aspect of our platform, please contact support.