This section describes the common structure of all webhook messages our platform sends. Every webhook message is delivered as a POST request to a customer-defined URL and follows a consistent format. The actual content inside the data field varies depending on the type of document (e.g., security_advisory, threat_intelligence), but the envelope is always the same.
The webhook system uses a templated HTTP POST request without authentication. This is the default structure used for all webhook messages:
POST https://webhooks.customer-name.io/updatesContent-Type: application/jsonAccept: */*
{"data": { ... },"trigger_type": "resultitem:new","cybernality_details_url": "https://www.cybernality.ai/resultitem/view?ri_id=30527"}
If a wrapper key is configured (e.g., event_wrapper), the body will be wrapped accordingly:
{"event_wrapper": {"data": { ... },"trigger_type": "resultitem:updated","cybernality_details_url": "https://www.cybernality.ai/resultitem/view?ri_id=30527"}}
Note:
The
wrapper keyallows wrapping the payload inside a named outer object. If not provided, the body is a flat object withdata,trigger_typeandcybernality_details_urldirectly at the root.
The data object will always contain one of the following payload types:
security_advisory
hacking_attack
vulnerability_discovery
patch_announcement
threat_intelligence
exploit_discovery
Detailed schemas for each document_type are available in their respective documentation sections.
The webhook can be triggered by the following event types:
resultitem:new: A new result item was created.
resultitem:updated: An existing result item was updated.
Field | Type | Description |
|
| The actual payload, structured according to its |
|
| Specifies which kind of event (creation or update) caused this webhook message to be sent. |
|
| The url that directly leads to the details page on cybernality. |
data contains the core payload, structured according to its document_type.
trigger_type helps identify the cause of delivery.
Dates follow ISO 8601 format (e.g., 2025-06-01T12:00:00Z).
Messages are formatted according to the configured content type (application/json) and acceptance header (*/*).
⚠️ Note: Payloads may grow over time as we introduce new fields. We recommend designing your webhook consumer to tolerate unknown fields.
{"data": {"CVEs": ["CVE-2025-31651","CVE-2025-31650"],"classification": "Security Advisory","cvss": [{"cve_id": "CVE-2025-31651","cvss_risk_assessment": "**Expert Security Assessment:**\nThese vulnerabilities pose significant risks, with the access restriction bypass being particularly critical. Successful exploitation could lead to full control over affected systems and severe service disruptions.\n\n**Risk Evaluation:**\n\nFor CVE-2025-31650 (DoS):\n- **AV:N**: Remotely exploitable, increasing the scope of potential attacks.\n- **AC:L**: Low complexity, making it easier for attackers to exploit.\n- **PR:N**: No privileges are required, allowing unauthenticated attackers to initiate the attack.\n- **UI:N**: No user interaction is needed, enabling automated exploitation.\n- **S:U**: Affects the availability of the system, leading to potential service outages.\n\nFor CVE-2025-31651 (Access Restriction Bypass):\n- **AV:N**: Remotely exploitable, broadening the attack surface.\n- **AC:L**: Low complexity, making exploitation more feasible.\n- **PR:N**: No privileges required, allowing any attacker to attempt exploitation.\n- **UI:N**: No user interaction needed, facilitating automated attacks.\n- **S:U**: Compromises confidentiality, integrity, and availability, leading to severe impacts.\n- **C:H/I:H/A:H**: High impact on confidentiality, integrity, and availability, indicating critical risks to data security and system functionality.\n\n**Real-World Impact:**\nOrganizations using the affected HPE Telco Service Orchestrator software may experience significant service disruptions due to DoS attacks and unauthorized access to sensitive information, leading to potential data breaches and loss of service availability.","cvss_score": {"label": "critical","value": 9.8},"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_version": "3.1","parsed_cvss_vector": {"Attack Complexity": "Low","Attack Vector": "Network","Availability": "High","Confidentiality": "High","Integrity": "High","Privileges Required": "None","Scope": "Unchanged","User Interaction": "None"}},{"cve_id": "CVE-2025-31650","cvss_risk_assessment": "**Expert Security Assessment:**\nThis vulnerability is highly critical, allowing remote attackers to bypass access restrictions and initiate Denial of Service (DoS) attacks on HPE Telco Service Orchestrator software. The high CVSS scores indicate severe potential impacts, with the access restriction bypass being particularly concerning.\n\n**Risk Evaluation:**\n- **AV:N**: Remotely exploitable, significantly increasing the scope of potential attacks.\n- **AC:L**: Low complexity required for exploitation, making it accessible to a wide range of attackers.\n- **PR:N**: No privileges are required, allowing unauthenticated attackers to exploit the vulnerability.\n- **UI:N**: No user interaction is needed, enabling automated and stealthy attacks.\n- **S:U**: The impact does not change based on the scope, affecting the targeted system directly.\n- **C:N**: No confidentiality impact, as the primary concern is availability and access control.\n- **I:N**: No integrity impact, focusing on service disruption and unauthorized access.\n- **A:H**: High availability impact, leading to potential DoS conditions.\n\n**Real-World Impact:**\nOrganizations using affected versions of HPE Telco Service Orchestrator may experience significant service disruptions due to DoS attacks and unauthorized access to restricted areas, leading to operational downtime and potential data exposure.","cvss_score": {"label": "high","value": 7.5},"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss_version": "3.1","parsed_cvss_vector": {"Attack Complexity": "Low","Attack Vector": "Network","Availability": "High","Confidentiality": "None","Integrity": "None","Privileges Required": "None","Scope": "Unchanged","User Interaction": "None"}}],"last_updated_date": "2025-06-03T00:00:00+00:00","product_features": [{"criterias": {"criterion": [],"operator": ""},"meta_data": [],"product": "HPE Telco Service Orchestrator","resolution": {"other_fix": [],"product_fix": [">=5.3.2"]},"vendor": "Hewlett Packard Enterprise","version": ["<5.3.2"]}],"product_vendor": "Aruba","published_date": "2025-06-03T00:00:00+00:00","publishing_company": "Hewlett Packard Enterprise Development LP","references": ["https://myenterpriselicense.hpe.com/","https://www.hpe.com/info/report-security-vulnerability","https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us","http://www.hpe.com/support/Subscriber_Choice","http://www.hpe.com/support/Security_Bulletin_Archive"],"scraped_date": "2025-06-03T19:07:12+00:00","severities": [{"origin_name": "HPE","severity": "high"},{"origin_name": "HPE","severity": "critical"}],"solution": "Update to HPE Telco Service Orchestrator v5.3.2 or later. Download from https://myenterpriselicense.hpe.com/.","summary": "Two remotely exploitable vulnerabilities in HPE Telco Service Orchestrator software could allow Denial of Service (DoS) and Access Restriction Bypass. CVE-2025-31650 is a DoS vulnerability (CVSS 7.5, high), and CVE-2025-31651 is an access restriction bypass (CVSS 9.8, critical).","title": "HPESBNW04872 rev.1 - HPE Telco Service Orchestrator software, Multiple Vulnerabilities","url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04872en_us&docLocale=en_US","vendor_severity": "","version_info": "Version:1 (rev.1) - 3 June 2025 Initial release","vulnerable_products": ["HPE Telco Service Orchestrator - Prior to v5.3.2]},"trigger_type": "resultitem:new","cybernality_details_url": "https://www.cybernality.ai/resultitem/view?ri_id=30527"}
This example shows how a security_advisory message would appear when delivered to a webhook. The contents of data follow the defined structure for this payload type.
You can configure certain aspects of the webhook message format:
Option | Description |
| Wraps the entire payload inside a named outer key (e.g., "event_wrapper"). |
| Specifies where the webhook is delivered. |