Webhook Plugin for Ticket Orchestrator

This document explains how to configure the Webhook ITSM integration with the Ticket Orchestrator module of the Netskope Cloud Exchange platform. This plugin is used to create Webhook notifications on a platform that supports Webhooks. This plugin only uses the POST method.

Prerequisites

To complete this configuration, you need:

  • A Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
  • A Netskope Cloud Exchange tenant with the Ticket Orchestrator module already configured.
  • A Webhook account.
  • Connectivity to the following hosts:
    • A Netskope tenant.
    • An account with a Webhook URL.

CE Version Compatibility

Netskope CE: v4.1.0, v4.2.0

Plugin Scope

This plugin supports creating notifications for Netskope alerts.

Webhook Plugin Support

Supported Alert types for notifications: Anomaly, Compromised Credentials, policy, Legal Hold, malsite, Malware, DLP, Security Assessment, watchlist, quarantine, Remediation, uba, ctep

Mappings

NA

Permissions

Permission to send data to Webhook URL.

Performance Matrix

These readings were taken after the plugin had been running for a few hours, by taking random readings per minute and averaging the number of tickets generated in Webhook. The readings were collected on a Large CE Stack with the specifications below.

Stack Details

  • Size: Large
  • RAM: 32 GB
  • CPU: 16 Cores

Notifications created on third-party product: ~500 notifications per minute

API Details

The plugin uses the Webhook URL to execute data transmission via a POST request directed at the provided URL.

List of APIs Used

Create Ticket

Example

API Endpoint

<URL of your Webhook>

Method

POST

Parameters

None

Data

{"text": "This is a new message.", "unfurl_links": true}

API Request Endpoint

<URL of your Webhook>

For example,

https://hooks.slack.com/services/T69KXV56W/B05SXH8JTSA/xYE9SZvmwHZh6l4gaL*****C

Sample API Response

ok

User Agent

The user agent added for this plugin is in the following format:

netskope-ce-<CE VERSION>-<MODULE NAME>-<PLUGIN NAME>-v<PLUGIN VERSION> 

which will be:

netskope-ce-4.2.0-cto-webhook-v1.0.0

Workflow

  1. Get a Webhook URL.
  2. Configure the Webhook Plugin.
  3. Create a Ticket Orchestrator Business Rule for Webhook.
  4. Create a Ticket Orchestrator Queue for Webhook.
  5. Validate on the Ticket Section.
  6. Validate on the Webhook app (like Chat).

Get a Webhook URL

  1. To create a Webhook URL, go to Google Chat > Spaces.
  2. Click Space Name.
  3. Click Apps & integrations.
  4. Click Add webhooks.
  5. Enter a Name for your Webhook and click Save.
  6. Click the three dots and Copy Link, then save the URL in a secure location. You will need this to configure the Webhook plugin.

Configure the Webhook Plugin

  1. Go to Settings > Plugins. 
  2. Search for and select the Webhook plugin box. Make sure the Ticket Orchestrator module is enabled; if it is not, go to Settings > General and enable the Ticket Orchestrator module.
  3. Enter a Configuration Name.
  4. Adjust the Sync Interval to the appropriate value. The suggested value is 5+ minutes.
  5. Click Next.
  6. Enter your Webhook URL. It will be in the following format: https://chat.googleapis.com/v1?/*****.
  7. Click Save.

Create a Ticket Orchestrator Business Rule for Webhook

Create a business rule based on the filters you need to generate tickets in the Webhook plugin.

  1. Under the Ticket Orchestrator module, select Business Rules.
  2. Click Create new rule.
  3. Enter the appropriate Rule Name in the text box and build the appropriate filter query condition on the field(s) for the business rule. You can also type the query manually by clicking Filter Query.
  4. Click Save.
  5. To test the newly created business rule, click on the icon and enter the Time period (in days), and then click Fetch. This will show the number of alerts that are eligible for incident/ticket creation.

Create a Ticket Orchestrator Queue for Webhook

    1. In Ticket Orchestrator, click Queues.
    2. Click Add Queue Configuration.
    3. Select the previously created Business Rule from the dropdown.
    4. Select the plugin Configuration from the dropdown for which the queue is being configured.
    5. Select the Queues from the dropdown that will receive notifications. The notification will be created in the selected webhook.
    6. Add/Map appropriate values between alerts and incidents under the Map Field section. Alert attributes can be accessed via $ in the custom message field.

Note

You must provide the value of the field in JSON format, like {"text":"$url"}

    7. Click Save.
    8. Based on the business rule(s), Webhook notifications for incoming alerts will be created automatically. To create Webhook notifications for historical alerts, click on the configured queue, enter the Time Period (in days), and then click Fetch. This will show the number of alerts that are eligible for ticket creation. Click Sync to create Webhook data for those alerts.

Validate the Webhook Plugin

Validate in Cloud Exchange

In order to validate the workflow, you must have Netskope Alerts.

  1. To view the list of tickets created on Webhook, go to Tickets under the Ticket Orchestrator menu.
  2. If tickets are not being created on Webhook, you can look at the audit logs in Cloud Exchange > Logging. Apply the filter: "Type any in Error".

Validate on the Webhook Supported Platform

Go to the Webhook URL platform (in our case, a Google Chat group).

Troubleshooting the Webhook Plugin

Unable to create notification using plugin

If you are not able to send any notifications from the plugin, it might be due to the following reason:

  • If you are not able to send data to the Webhook URL, check whether new alerts are being fetched.

What to do: To resolve this issue, follow these steps:

  • If you are not able to send data to the Webhook URL:
    1. Go to Netskope CE.
    2. Click on Ticket Orchestrator.
    3. Click on Alerts.
    4. Check whether new alerts are present or not.

Limitation of the Webhook Plugin

One notable constraint arises when converting data to JSON. If the description field within the JSON conversion contains double quotes, the conversion results in an error: the dynamic fields are inserted with their double quotes intact, which renders the JSON object invalid.
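
The following is an added example, not code from the plugin or from Netskope, that reproduces this limitation offline and shows how JSON-escaping each value before substitution keeps the payload valid. It assumes the custom message is filled by plain $-substitution (modelled here with Python's string.Template); the alert field names and values are constructed for illustration.

```python
import json
from string import Template

# Constructed sample alert; field names and values are assumptions.
ALERT = {
    "url": "https://example.test/login",
    "description": 'User opened "Q3 forecast.xlsx" from an unmanaged device',
}


def render_naive(template: str, alert: dict) -> str:
    """Plain $-substitution: values are inserted raw, quotes included."""
    return Template(template).safe_substitute(alert)


def render_escaped(template: str, alert: dict) -> str:
    """Substitute JSON-escaped values so quotes stay inside the string."""
    # json.dumps adds surrounding quotes; drop them because the
    # template already supplies the quotes around each $field.
    escaped = {k: json.dumps(str(v))[1:-1] for k, v in alert.items()}
    return Template(template).safe_substitute(escaped)


def is_valid_json(payload: str) -> bool:
    """True if the rendered message parses as a JSON document."""
    try:
        json.loads(payload)
        return True
    except json.JSONDecodeError:
        return False


def check_template(template: str, alert: dict) -> dict:
    """Render a custom message both ways and report which one parses."""
    naive = render_naive(template, alert)
    escaped = render_escaped(template, alert)
    return {
        "naive_valid": is_valid_json(naive),
        "escaped_valid": is_valid_json(escaped),
        "payload": escaped,
    }


if __name__ == "__main__":
    print(check_template('{"text": "$description ($url)"}', ALERT))
```

Running the same check against a sample of real alert values before mapping a field shows which fields can break the custom message.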
