Title
Create new category
Edit page index title
Edit category
Edit link
File scanned notifications
Overview
File Scanned webhook notifications allow you to receive real-time alerts whenever a file has been scanned by MetaDefender Storage Security. This feature is useful if you need to:
Track the outcome of file scans for auditing or compliance.
Integrate scan results into external systems (e.g., ticketing, alerting, SIEM).
Trigger automated workflows based on file status (e.g., quarantine, user notification).
Setup
Go to Settings > Notifications in the MetaDefender Storage Security console.
Select Send a webhook notification when a file is scanned under the Webhook Notifications section
Choose whether you want to receive notifications for all scanned files or only blocked files.
Enter the Destination Address (your endpoint).
Select the Request Type (POST or PUT).
(Optional) Add any custom HTTP headers.
Save the configuration.

Configuration Details
Destination address – The URL of the receiving system (must accept HTTP requests).
Request type – Either
POSTorPUT.Headers – Optional key-value pairs (e.g.,
Authorization: Bearer <token>).Notification scope – Choose between:
All scanned files → You will receive a notification for every file scanned.
Blocked only → You will only receive notifications when a file is marked as blocked in MetaDefender Storage Security (see File Definition)
Webhook Payload
When triggered, the webhook sends a JSON request body to your configured endpoint.
Field Reference
Field | Type | Example Value | Description |
|---|---|---|---|
| string (UUID) |
| Unique identifier of the file. |
| string |
| Original file name. |
| string |
| File's relative path. |
| string |
| File status based on MDSS file definitions |
| string |
| Result from Scan instance. |
| string |
| File status in MDSS. |
| array[string] |
| Array of remediations applied and their result |
| datetime (UTC) |
| Time when scan completed. |
| string |
| Name of the workflow used. |
| array[string] |
| Workflow rules applied. |
| string | "" | Details of any exceptions during scan. |
| array[string] |
| Errors during remediation, if any. |
| string |
| Identifies the notification type. |
Delivery Behavior
Webhooks are delivered as standard HTTP requests.
Delivery is best-effort → if the destination is invalid, the request is logged in the Audit page, but no retries are performed.
Payload size is typically small (JSON only, no file contents).
Security Considerations
Configure HTTPS endpoints to ensure data is transmitted securely.
Use authentication headers (e.g., API tokens) to protect your webhook endpoint.
Ensure your endpoint validates payloads before processing.
Troubleshooting
No webhook received → Verify the endpoint URL and request type (POST/PUT).
Audit shows delivery failed → Endpoint is invalid. Fix and test again.
Authentication errors → Confirm your endpoint accepts the headers you configured.