Chariot can ingest new assets and risks via a webhook. This is useful for connecting external applications to Chariot that do not have an official integration.
Enable the Webhook URL
Each Chariot instance may have one active webhook at a time. To enable your instance's webhook, navigate to the Integrations page and click on the Chariot Webhook integration card:
Click Connect to open the integration card:
You can manually copy the webhook URL from the section highlighted above. Additionally, clicking Add will automatically copy the webhook URL to your clipboard:
Alternatively, you can enable and retrieve your webhook with the Praetorian CLI:
$ praetorian chariot add webhook
https://xxxxxxxxxxxx.execute-api.us-east-2.amazonaws.com/chariot/hook/:username/:pin
Add a risk
To add a risk to be tracked in Chariot, send the following request:
curl -X 'POST' \
'https://<webhook.url>' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"dns": "public-facing-api.domain.com",
"name": "192.168.15.30",
"finding": "Exposed_Admin_Interface" # must match regex /^\\S+$/
}'
The risk will now appear in your Risks page:
Add an asset
To add an asset to Chariot, send the following request:
curl -X 'POST' \
'https://<webhook.url>' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"dns": "staging.domain.com",
"name": "10.1.1.5"
}'
This will add a new asset to your Assets page: