Open menu

Webhook Communication


Dashboard > Select {Account} > Settings > Communication settings > Update communication settings > Configure ‘Webhook’

Trend Micro Cloud One™ – Conformity supports notifications sent via a custom webhook channel. These notifications will be sent to user-created channels with all relevant users receiving the notifications.

  1. Click on Create a Webhook channel.
  2. Set automatic notifications.
  3. Configure Triggers.
  4. Configure now will allow the addition of a Webhook channel using the following parameter
  5. Webhook URL: Make sure that you enter a secure Webhook URL with ‘https’
    • URL cannot begin with http:// (only https://)
    • URL cannot contain localhost
    • URL cannot contain an IP address
  6. Webhook Security Token

    Any non-base64 characters will not be accepted

Validating payloads from Conformity If you decide to set the optional security token, Conformity uses it to create a hash signature with each payload.The hash signature is passed along with each request to the url you have specified in the headers as X-Conformity-Signature.

The idea is to compute a hash using your provided security token, and ensuring that the hash from our end matches with your end. The hash signature is generated from Conformity and uses HMAC hexdigest (sha-256) so you could set up your server similar to this example below:

const signatureHash = request.headers["X-Conformity-Signature"];

const hmac = crypto.createHmac("sha256", YOUR_SECURITY_TOKEN);

const digest = Buffer.from(



const checksum = Buffer.from(signatureHash, "utf8");

if (

checksum.length !== digest.length ||

!crypto.timingSafeEqual(digest, checksum)

) {


Request body digest (${digest}) did not match X-Conformity-Signature (${checksum})


throw new Error("Hashes do not match!");


console.log("Hashes match!");

  1. Copy communication settings

Once the channel creation is successful, you will be able to see the Webhook channel from your Communication Settings.