1. Overview of Webhooks in Cloudmersive Storage Protect

What is Cloudmersive Storage Protect?
Cloudmersive Storage Protect is a solution that continuously scans your cloud storage for viruses, malware, and other security threats. It monitors file uploads (and optionally, file modifications) and automatically quarantines or deletes malicious files.

What is a webhook?
A webhook is a user-defined callback over HTTP/HTTPS. In the context of Cloudmersive Storage Protect, a webhook lets you receive real-time notifications of the scanning results for uploaded or modified files. When a file is scanned, Cloudmersive will send a POST request with the scan results to your specified webhook endpoint.

Key Benefits of Using Webhooks

1. Real-time Notifications: Get near-instant alerts and scanning results without polling.
2. Automation: Trigger workflows, such as quarantining or deleting malicious files, or notifying team members in a chat tool.
3. Customization: Decide how you want to handle the scanning result (e.g., logging, additional scanning, applying policies).

2. Setting up Webhooks in Cloudmersive Storage Protect

1. Log in to your Cloudmersive account.
2. Navigate to the Storage Protect or Security section (depending on the version of the console).
3. Under Settings or Integrations, look for Webhook Configuration.
4. Enter your Webhook URL. This is the endpoint where you want Cloudmersive to deliver scanning results. For example:

   https://your-app.example.com/api/cloudmersive/webhook
   

5. (Optional) Specify Authentication details if your endpoint requires them (e.g., Basic Auth headers, Bearer tokens).
6. (Optional) Configure Events you’d like notifications for. Typically, you can select:
   • New file uploaded
   • File modified
   • (Other advanced events depending on your environment)
7. Save your configuration.

Note: Ensure your webhook endpoint is publicly accessible or routeable from Cloudmersive’s servers, unless you’ve configured a private networking option.

3. Webhook Payload and Format

When Cloudmersive triggers a webhook after scanning a file, it will typically send a JSON payload (via an HTTP POST) similar to:

{
  "eventId": "abcdef123456",
  "timestamp": "2025-01-01T12:34:56Z",
  "storageProvider": "AzureBlob", 
  "containerName": "my-container", 
  "fileName": "my-uploaded-file.pdf",
  "fileUrl": "https://mystorage.blob.core.windows.net/my-container/my-uploaded-file.pdf",
  "scanResult": {
    "isMalicious": false,
    "threatFound": "None",
    "scanEngine": "Cloudmersive Antivirus v2025.1",
    "scanTimestamp": "2025-01-01T12:34:58Z",
    "actionTaken": "None"
  }
}

Depending on your configuration, storageProvider could be "AzureBlob", "GCPStorage", "SharePoint", or "S3", and the fields may vary slightly.

4. Configuring Webhook Support by Storage Provider

Below are common patterns to integrate each major cloud storage platform with Cloudmersive Storage Protect’s webhooks. Each platform typically supports event hooks or triggers that you can tie into Cloudmersive scanning. Cloudmersive Storage Protect can operate in an auto-scan mode or via your custom application flow.

4.1 Azure Blob Storage

4.1.1 Overview

• You can use Azure Event Grid or Azure Functions to trigger an antivirus scan whenever a new blob is uploaded or updated in your storage account.
• Cloudmersive Storage Protect can be configured to watch a specific container (or multiple containers).

4.1.2 Typical Setup

1. Connect Azure Blob Storage to Cloudmersive:
   • In the Cloudmersive Storage Protect portal, add an Azure Blob integration. Provide your storage account name and credentials (SAS token or access keys), or grant a managed identity with necessary permissions.
2. Enable Continuous Scan:
   • Configure Cloudmersive to automatically scan new or updated blobs in the selected container(s).
3. Webhook Configuration:
   • In Cloudmersive, set your webhook URL (as described in Section 2).
   • When a file is scanned, Cloudmersive will POST the results to that webhook.

4.1.3 Receiving and Handling the Webhook

• In your receiving application (e.g., a Node.js Express app, C# ASP.NET Core, Python Flask, etc.), parse the JSON body for scanResult.
• Take action based on isMalicious:
  • If true, you might delete or quarantine the blob.
  • If false, you might finalize the file for further processing or simply log the scan result.

4.2 Google Cloud Storage

4.2.1 Overview

• Google Cloud Storage can trigger events via Google Cloud Functions or Pub/Sub notifications whenever a new object is created or updated.
• Cloudmersive Storage Protect integrates similarly by continuously polling or hooking into events to scan files.

4.2.2 Typical Setup

1. Connect GCP Storage:
   • In Cloudmersive, configure a GCP connection. Provide the JSON key for a service account with the relevant Storage permissions or use a token-based approach.
2. Enable Continuous Scan:
   • Choose the bucket(s) to monitor.
3. Webhook Configuration:
   • Same as Azure; specify the Webhook URL in Cloudmersive’s portal.

4.2.3 Receiving and Handling the Webhook

• Cloudmersive will call your webhook endpoint with the scanning outcome.
• On your side, parse the JSON, check the scanResult.isMalicious field, and determine whether to remove or retain the object in GCS.

4.3 SharePoint Online

4.3.1 Overview

• SharePoint Online can be integrated with Cloudmersive Storage Protect to scan documents in Document Libraries.
• Cloudmersive can use the Microsoft Graph API or direct SharePoint endpoints to locate and scan newly uploaded or modified files.

4.3.2 Typical Setup

1. Grant SharePoint Permissions:
   • In SharePoint Online (Office 365), register an application and provide the Cloudmersive scanning app with permission to read and modify files in the targeted Site Collections or Document Libraries.
2. Configure Storage Protect:
   • In the Cloudmersive Storage Protect portal, add SharePoint as a storage provider.
   • Provide tenant ID, client ID, and client secret, or configure certificate-based authentication.
3. Enable Continuous Scan:
   • Select which Site and Document Library to watch. Cloudmersive will monitor that location for new and modified files.
4. Webhook Configuration:
   • As with other providers, define your webhook URL under Cloudmersive’s settings.

4.3.3 Receiving and Handling the Webhook

• The webhook payload’s storageProvider will be "SharePoint".
• Check the scanResult and the file reference in SharePoint. If malicious, Cloudmersive (depending on your chosen action) can quarantine it or place it in a special folder. You can also write custom logic to notify administrators via email or Teams.

4.4 Amazon S3

4.4.1 Overview

• AWS S3 is commonly used for file storage. Cloudmersive supports scanning via an S3 integration that can be set to automatically scan new or updated objects.

4.4.2 Typical Setup

1. Connect AWS S3:
   • Provide Cloudmersive with your AWS Access Key and Secret Key, or set up an IAM Role with the necessary permissions (list, get, and put objects).
2. Enable Continuous Scan:
   • Select the S3 bucket(s) to be scanned. Cloudmersive can automatically watch for new or updated objects.
3. Webhook Configuration:
   • In Cloudmersive, specify your webhook endpoint.

4.4.3 Receiving and Handling the Webhook

• For S3, the payload storageProvider value will be "S3".
• If malicious content is found, you can automatically remove or quarantine the S3 object. Many customers also write logic to block further processing and notify an administrator or logging system.

5. Handling the Scan Results in Your Application

5.1 Example Webhook Endpoint (Node.js/Express)

Below is a minimal example of a Node.js Express endpoint to receive webhook notifications:

const express = require('express');
const bodyParser = require('body-parser');
const app = express();

app.use(bodyParser.json());

app.post('/api/cloudmersive/webhook', (req, res) => {
    const event = req.body;
    console.log('Received Cloudmersive event:', event);

    // Example fields
    const fileUrl = event.fileUrl;
    const isMalicious = event.scanResult.isMalicious;
    const threatFound = event.scanResult.threatFound;

    if (isMalicious) {
        console.warn(`File ${fileUrl} is malicious. Threat: ${threatFound}`);
        // e.g., quarantine or delete file from cloud storage
    } else {
        console.log(`File ${fileUrl} is clean.`);
        // proceed with normal file processing
    }

    // Return a 200 OK response so Cloudmersive knows you received the event
    res.sendStatus(200);
});

app.listen(3000, () => {
    console.log('Webhook listener running on port 3000');
});

5.2 Actions You Might Take

• Quarantine/Deletion: If the scanResult.isMalicious is true, you can call the respective cloud provider’s API to remove or move the file from the accessible folder/bucket.
• Notification: Send an email, message (e.g., Slack, Teams), or text alert to administrators.
• Audit Logging: Write the event to a SIEM (Security Information and Event Management) tool for compliance and tracking.

6. Security Best Practices

1. HTTPS Only: Always configure your webhook endpoint to use HTTPS, ensuring that scanning results and file metadata are encrypted in transit.
2. Webhook Authentication: Consider adding a secret token or Basic Auth to the webhook header, so you can verify that the request truly comes from Cloudmersive.
3. Validate Payload: Check the signature (if available) or a shared secret in the request to avoid spoofed calls.
4. Principle of Least Privilege: Grant Cloudmersive only the minimal required permissions on your storage accounts/buckets.
5. Handle Sensitive Data Carefully: The scanning results might contain references to sensitive data. Ensure your logs are protected and comply with any data privacy regulations.

7. Troubleshooting and Common Pitfalls

1. Webhook Not Receiving Calls:
   • Make sure your server is accessible from the internet (or from Cloudmersive IP ranges if you have IP allowlisting).
   • Double-check that you used the correct endpoint URL and method (POST).
2. Invalid Credentials:
   • If you see errors in the Cloudmersive console about unauthorized calls to your storage, verify the access keys or tokens and confirm their validity/scopes.
3. Scan Delays:
   • If scanning takes longer than expected, check Cloudmersive’s status or your concurrency limits. For large files, scanning can take more time.
4. Webhook Auth Failures:
   • Ensure that any required headers or tokens for your webhook endpoint are configured correctly in the Cloudmersive Storage Protect settings.

8. Conclusion

Webhooks in Cloudmersive Storage Protect allow you to automate real-time responses to potential threats in your Azure Blob Storage, Google Cloud Storage, SharePoint Online, or Amazon S3 environment. By configuring a webhook, you can seamlessly integrate antivirus scanning into your application workflows, ensuring malicious files are caught early and appropriate actions are taken immediately.

Next Steps:

• Configure your chosen storage provider in the Cloudmersive console.
• Set up your secure webhook endpoint.
• Implement automated responses to malicious files.
• Monitor performance and logs for compliance and auditing.

For more detailed instructions or the latest features, consult the official Cloudmersive Documentation or contact their support team.

This documentation provides a high-level reference and may require adaptation to your specific environment or security policies. Always test thoroughly in a development environment before deploying to production.