Push scored events to your SIEM, CRM, Slack, or any HTTP endpoint in real time. Available on Pro and Enterprise plans.
Add a webhook endpoint from the Webhooks tab in your dashboard. Enter your HTTPS endpoint URL, select the events you want to receive, and save. GhostGuard generates a unique signing secret for each webhook.
| Event | Triggered when |
|---|---|
| bot.detected | A session scores below the block threshold and is banned |
| session.suspicious | A session scores in the suspicious range (monitored) |
| mail.spam | An email connection scores as spam |
| mail.abuse | An email connection scores as abuse |
| ban.auto | GhostGuard automatically adds an entry to your ban list |
All webhook payloads are JSON with a consistent envelope:
Every webhook request includes an X-GhostGuard-Signature header containing an HMAC-SHA256 signature of the raw request body using your webhook secret. Always verify this before processing the payload.
If your endpoint returns a non-2xx response or does not respond within 5 seconds, GhostGuard marks the delivery as failed and will not automatically retry. Failed delivery counts are visible in the Webhooks tab of your dashboard.
Your endpoint should return 200 OK as quickly as possible and process the event asynchronously if needed. A slow endpoint that causes repeated timeouts will be automatically disabled after 10 consecutive failures.