Help Center
News
Go back to application
Help Center
News
Go back to application
Automated security scans
How is the security score calculatedHow is our DNSSEC assessment performedHow is our SPF assessment performedHow is our DMARC assessment performedHow our SSL/TLS assessment is performedHow our Security Headers assessment is performedHow our Potential Vulnerability assessment is performedHow our Blocklist assessment is performedHow our Open Ports assessment is performedHow our Active Vulnerability scanner worksHow to get the best results from our attack surface scans?
Digital footprint analysis
How do we uncover Applications in the digital footprintHow do we uncover IP addresses in the digital footprintHow do we uncover Software used in the digital footprintHow do we uncover Cloud Storage in the digital footprintHow do we uncover Email Addresses in the digital footprintHow do we uncover Files in the digital footprintHow do we uncover Similar Domains in the digital footprint
Account management
How to add or delete primary domains from your digital footprintHow to add or delete users from your accountHow can I impose 2FA on my company's users?Setting up SSO authentication with your identity provider (IdP)
Managing suppliers
Adding suppliers to your supply chain on the Ceeyu platformHow to configure supply chain risk scoring
Building questionnaires
Establishing parent child relationships between questionsHow to test a questionnaireHow to configure rating of a questionnaireHow to configure assessment workflows
Integrations
Integrating Ceeyu with third-party applications
Trust Center
Trust Center overviewManaging content in your Trust CenterManaging access to your Trust Portal contentCustomizing Your Trust Portal BrandingSetting Up a Custom Domain for Your Trust PortalManaging certifications in your Trust Center

Integrating Ceeyu with third-party applications

Ceeyu enables you to receive information about new risks identified by email and/or by webhook for third-party application integration.  The event-based email alert can also serve to alert a NOC. 

To set this up, visit the Integrations page, which is accessible through the Profile & Preferences menu (Admins only). 

⚠️ IMPORTANT ⚠️

  • We send one webhook call and one email per new risk identified (corresponding to the criticality you configured to be notified for). 
  • Multiple email addresses can be added for the email notification, and these email addresses do not need to be associated with a Ceeyu user account)
  • Emails provide both a HTML version (for your email client) as a text version (for automated processing) of the risk information
  • Secret token for HMAC 256 signature is the secret token used to generate a HMAC-256 signature of the webhook payload, available in the X-CU-Signature-256 HTTP header to, validate the message's content integrity.

Data provided

For every new risk detected, the following data is provided:

Company NameName of the company for which the risk was detected
NameName of the asset for which the risk was detected.
SeverityThe detected risk's severity level.
DescriptionDescription of the detected risk.
DomainDomain for which the risk was detected.
HostHostname for which the risk was detected.
SourceAutomated assessment.
TypeAttack surface scan.
UrlUrl to the detected risk's detail page on the platform.

Examples

 

JSON payload for webhook

{
  "company_name": "Demo Company",
  "name": "democompany.com",
  "severity": "MEDIUM",
  "description": "Permissions Policy is not configured for intranejsont.democompany.com. This makes the application vulnerable to MITM, XSS, clickjacking and other common web attacks. ",
  "domain": "democompany.com",
  "host": "intranet.democompany.com",
  "source": "Automated assessment",
  "type": "Attack surface scan",
  "url": "https://app.ceeyu.io/risk-management/risk-detection/0x127d9eb5"
}

 

Email Text

Risk identified

Hello there.

A risk with the following characteristics has been identified by Ceeyu:

- Company: Demo Company
- Domain: democompany.com
- Host: intranet.democompany.com
- Severity: MEDIUM
- Source: Automated assessment
- Risk type : Attack surface scan
- Description: Permissions Policy is not configured for intranejsont.democompany.com. This makes the application vulnerable to MITM, XSS, clickjacking and other common web attacks.
- URL: https://app.ceeyu.io/risk-management/risk-detection/0x127d9eb5

Questions?

Is something wrong? or do you have an idea? never hesitate to contact.

For commercial questions: sales@ceeyu.io

For technical issues: support@ceeyu.io

For feedback and ideas: product@ceeyu.io

 

Email HTML

Was this article helpful?

Powered by Product Fruits