{
    "schema": "https://saferpage.de/schemas/monitoring-alert-delivery.v1",
    "generated_at": "2026-06-09T22:36:49+00:00",
    "domain": "dlrg-jugend.de",
    "idempotency_key": "sp-alert-0e4dad467116d04c0b9eec98",
    "dry_run": true,
    "does_not_send": true,
    "routing_summary": "dlrg-jugend.de: 3 Alert(s), primaerer Owner Datenschutz/IT, SLA 0-7 Tage.",
    "routing_rules": [
        {
            "severity": "kritisch",
            "target": "incident_privacy_security",
            "notify": [
                "Datenschutz/Legal",
                "IT/Security",
                "Management"
            ],
            "sla": "0-7 Tage"
        },
        {
            "severity": "hoch",
            "target": "privacyops_backlog",
            "notify": [
                "Fach-Owner",
                "Programm-Owner"
            ],
            "sla": "0-14 Tage"
        },
        {
            "severity": "mittel",
            "target": "monitoring_review",
            "notify": [
                "Compliance/IT"
            ],
            "sla": "naechster Review"
        },
        {
            "severity": "niedrig",
            "target": "watchlist",
            "notify": [
                "Compliance/IT"
            ],
            "sla": "laufend"
        }
    ],
    "signing_headers": {
        "X-SaferPage-Event": "monitoring.alert",
        "X-SaferPage-Domain": "dlrg-jugend.de",
        "X-SaferPage-Idempotency-Key": "sp-alert-0e4dad467116d04c0b9eec98",
        "X-SaferPage-Signature": "sha256=<HMAC ueber Request-Body>"
    },
    "signature_verification": {
        "algorithm": "HMAC-SHA256",
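        "canonical_payload": "payloads.generic_webhook encoded as JSON with the flags JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES; receivers verify the raw request bytes as received and do not re-serialize the parsed body before computing the HMAC",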
        "canonical_body_sha256": "9024a40c8c42a06dd869caf1615d0aed79ee43b7cb85f72d7b1e8d4e2d148805",
        "signature_header": "X-SaferPage-Signature",
        "signature_format": "sha256=<hex_hmac_sha256>",
        "secret_ref": "SAFERPAGE_WEBHOOK_SECRET oder SAFERPAGE_OPERATOR_WEBHOOK_SECRET im Secret Manager",
        "example_verify_command": "printf %s \"$BODY\" | openssl dgst -sha256 -hmac \"$SAFERPAGE_WEBHOOK_SECRET\" -binary | xxd -p -c 256",
        "receiver_must_check": [
            "X-SaferPage-Event equals monitoring.alert",
            "X-SaferPage-Domain matches expected domain and the domain field inside the signed body",
            "X-SaferPage-Idempotency-Key was not processed before (the header is outside the HMAC, so also deduplicate on a signed body field such as scan.id)",
            "HMAC over the exact request body matches X-SaferPage-Signature, compared in constant time",
            "Body-SHA-256 matches the audited canonical body when using the public test fixture"
        ],
        "failure_policy": "Reject unsigned, mismatched, replayed or duplicate payloads; keep alert in manual review queue."
    },
    "verification_test_fixture": {
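        "purpose": "Öffentlicher Testfall fuer Empfaenger-Implementierungen. Das test_secret ist oeffentlich bekannt: nicht als produktives Secret verwenden und in Produktion keine damit signierten Payloads akzeptieren.",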
        "test_secret": "saferpage_monitoring_delivery_test_secret_do_not_use_in_production",
        "canonical_body_sha256": "9024a40c8c42a06dd869caf1615d0aed79ee43b7cb85f72d7b1e8d4e2d148805",
        "expected_signature": "sha256=df0deb0e03f310771e9192101be3159080e53167e7516b0a2c2f3d73285b59e1",
        "expected_signature_header": "X-SaferPage-Signature: sha256=df0deb0e03f310771e9192101be3159080e53167e7516b0a2c2f3d73285b59e1",
        "positive_test": "Empfaenger akzeptiert den unveraenderten generic_webhook-Body mit expected_signature und Idempotency-Key.",
        "negative_tests": [
            "Body um ein Zeichen veraendern: Signatur muss abgelehnt werden.",
            "X-SaferPage-Domain auf andere Domain setzen: Payload muss abgelehnt werden.",
            "X-SaferPage-Idempotency-Key erneut senden: Payload muss als Duplikat abgelehnt oder ignoriert werden.",
            "Signature-Prefix entfernen oder falschen Algorithmus nutzen: Payload muss abgelehnt werden."
        ],
        "sample_commands": {
            "body_sha256": "printf %s \"$BODY\" | sha256sum",
            "expected_signature": "printf %s \"$BODY\" | openssl dgst -sha256 -hmac \"saferpage_monitoring_delivery_test_secret_do_not_use_in_production\" -binary | xxd -p -c 256",
            "curl_dry_run": "curl -X POST \"$WEBHOOK_URL\" -H \"Content-Type: application/json\" -H \"X-SaferPage-Event: monitoring.alert\" -H \"X-SaferPage-Domain: dlrg-jugend.de\" -H \"X-SaferPage-Idempotency-Key: sp-alert-0e4dad467116d04c0b9eec98\" -H \"X-SaferPage-Signature: sha256=df0deb0e03f310771e9192101be3159080e53167e7516b0a2c2f3d73285b59e1\" --data-binary @body.json"
        }
    },
    "retry_policy": {
        "max_attempts": 5,
        "backoff": "1m, 5m, 15m, 1h, 6h",
        "dedupe_key": "idempotency_key",
        "dead_letter_action": "CSV/Markdown Runbook in Betreiberakte ablegen und Owner manuell informieren."
    },
    "payloads": {
        "generic_webhook": {
            "event": "monitoring.alert",
            "domain": "dlrg-jugend.de",
            "scan": {
                "id": "235dc37d-addb-4b0b-9fd0-7cd3050cb701",
                "checked_at": "2026-06-09 09:18:56.465988+02",
                "score": 0,
                "score_delta": null
            },
            "metrics": {
                "alert_count": 3,
                "high_or_critical_count": 2,
                "scan_count": 1,
                "new_finding_count": 0,
                "resolved_finding_count": 0,
                "technical_new_count": 0,
                "new_cookie_count": 0,
                "new_third_party_count": 0,
                "consent_score": 42
            },
            "primary_alert": {
                "id": "critical_score",
                "severity": "kritisch",
                "title": "Kritischer Datenschutz-/Trust-Score",
                "trigger": "Score 0/100",
                "impact": "Nutzer und Betreiber sollten personenbezogene Eingaben besonders vorsichtig prüfen.",
                "operator_action": "Basisfehler priorisieren: Datenschutzhinweis, Consent, HTTPS/Security, Anbieter und Impressum/Kontakt prüfen.",
                "owner": "Datenschutz/IT",
                "sla": "0-7 Tage",
                "evidence": "Letzter öffentlicher Score aus SaferPage-Scan.",
                "url": "https://saferpage.de/dlrg-jugend.de",
                "status": "offen prüfen"
            },
            "alerts": [
                {
                    "id": "critical_score",
                    "severity": "kritisch",
                    "title": "Kritischer Datenschutz-/Trust-Score",
                    "owner": "Datenschutz/IT",
                    "sla": "0-7 Tage",
                    "url": "https://saferpage.de/dlrg-jugend.de"
                },
                {
                    "id": "consent_gap",
                    "severity": "hoch",
                    "title": "Consent-Score unter Zielschwelle",
                    "owner": "Marketing/IT/Datenschutz",
                    "sla": "0-14 Tage",
                    "url": "https://saferpage.de/consent/dlrg-jugend.de"
                },
                {
                    "id": "history_missing",
                    "severity": "mittel",
                    "title": "Noch wenig Verlauf für Alerting",
                    "owner": "Compliance/IT",
                    "sla": "0-30 Tage",
                    "url": "https://saferpage.de/monitoring/domain/dlrg-jugend.de"
                }
            ],
            "links": {
                "alert_center": "https://saferpage.de/alarme/dlrg-jugend.de",
                "json": "https://saferpage.de/alarme/dlrg-jugend.de/export",
                "csv": "https://saferpage.de/alarme/dlrg-jugend.de/export-csv",
                "runbook_markdown": "https://saferpage.de/alarme/dlrg-jugend.de/runbook-md",
                "delivery_json": "https://saferpage.de/alarme/dlrg-jugend.de/delivery-json",
                "report": "https://saferpage.de/dlrg-jugend.de",
                "change_center": "https://saferpage.de/aenderungen/dlrg-jugend.de",
                "monitoring": "https://saferpage.de/monitoring/domain/dlrg-jugend.de",
                "json_feed": "https://saferpage.de/monitoring/domain/dlrg-jugend.de/feed",
                "rss_feed": "https://saferpage.de/monitoring/domain/dlrg-jugend.de/feed?format=rss",
                "operator_board": "https://saferpage.de/betreiber/dlrg-jugend.de",
                "risk_center": "https://saferpage.de/risiko/dlrg-jugend.de"
            }
        },
        "slack_block_kit": {
            "text": "[KRITISCH] SaferPage Alert fuer dlrg-jugend.de: Kritischer Datenschutz-/Trust-Score",
            "blocks": [
                {
                    "type": "header",
                    "text": {
                        "type": "plain_text",
                        "text": "SaferPage Alert: dlrg-jugend.de"
                    }
                },
                {
                    "type": "section",
                    "text": {
                        "type": "mrkdwn",
                        "text": "*KRITISCH* - Kritischer Datenschutz-/Trust-Score\nOwner: Datenschutz/IT | SLA: 0-7 Tage"
                    }
                },
                {
                    "type": "section",
                    "text": {
                        "type": "mrkdwn",
                        "text": "Basisfehler priorisieren: Datenschutzhinweis, Consent, HTTPS/Security, Anbieter und Impressum/Kontakt prüfen."
                    }
                },
                {
                    "type": "actions",
                    "elements": [
                        {
                            "type": "button",
                            "text": {
                                "type": "plain_text",
                                "text": "Report"
                            },
                            "url": "https://saferpage.de/dlrg-jugend.de"
                        },
                        {
                            "type": "button",
                            "text": {
                                "type": "plain_text",
                                "text": "Runbook"
                            },
                            "url": "https://saferpage.de/alarme/dlrg-jugend.de/runbook-md"
                        }
                    ]
                }
            ]
        },
        "teams_adaptive_card": {
            "type": "message",
            "attachments": [
                {
                    "contentType": "application/vnd.microsoft.card.adaptive",
                    "content": {
                        "type": "AdaptiveCard",
                        "version": "1.4",
                        "body": [
                            {
                                "type": "TextBlock",
                                "size": "Large",
                                "weight": "Bolder",
                                "text": "SaferPage Alert: dlrg-jugend.de"
                            },
                            {
                                "type": "TextBlock",
                                "text": "KRITISCH - Kritischer Datenschutz-/Trust-Score",
                                "wrap": true
                            },
                            {
                                "type": "FactSet",
                                "facts": [
                                    {
                                        "title": "Owner",
                                        "value": "Datenschutz/IT"
                                    },
                                    {
                                        "title": "SLA",
                                        "value": "0-7 Tage"
                                    },
                                    {
                                        "title": "Score",
                                        "value": "0"
                                    }
                                ]
                            },
                            {
                                "type": "TextBlock",
                                "text": "Basisfehler priorisieren: Datenschutzhinweis, Consent, HTTPS/Security, Anbieter und Impressum/Kontakt prüfen.",
                                "wrap": true
                            }
                        ],
                        "actions": [
                            {
                                "type": "Action.OpenUrl",
                                "title": "Report oeffnen",
                                "url": "https://saferpage.de/dlrg-jugend.de"
                            },
                            {
                                "type": "Action.OpenUrl",
                                "title": "Alerts oeffnen",
                                "url": "https://saferpage.de/alarme/dlrg-jugend.de"
                            }
                        ]
                    }
                }
            ]
        },
        "jira_issue": {
            "fields": {
                "summary": "SaferPage KRITISCH: dlrg-jugend.de - Kritischer Datenschutz-/Trust-Score",
                "description": "Basisfehler priorisieren: Datenschutzhinweis, Consent, HTTPS/Security, Anbieter und Impressum/Kontakt prüfen.\n\nReport: https://saferpage.de/dlrg-jugend.de\nRunbook: https://saferpage.de/alarme/dlrg-jugend.de/runbook-md",
                "labels": [
                    "saferpage",
                    "privacyops",
                    "monitoring-alert",
                    "kritisch"
                ],
                "priority": {
                    "name": "High"
                },
                "customfield_owner_hint": "Datenschutz/IT",
                "customfield_sla_hint": "0-7 Tage"
            }
        },
        "email_digest": {
            "subject": "[KRITISCH] SaferPage Alert fuer dlrg-jugend.de",
            "preheader": "Kritischer Datenschutz-/Trust-Score - Owner Datenschutz/IT, SLA 0-7 Tage",
            "body_lines": [
                "Basisfehler priorisieren: Datenschutzhinweis, Consent, HTTPS/Security, Anbieter und Impressum/Kontakt prüfen.",
                "Report: https://saferpage.de/dlrg-jugend.de",
                "Runbook: https://saferpage.de/alarme/dlrg-jugend.de/runbook-md"
            ]
        }
    },
    "alert_count": 3,
    "links": {
        "alert_center": "https://saferpage.de/alarme/dlrg-jugend.de",
        "json": "https://saferpage.de/alarme/dlrg-jugend.de/export",
        "csv": "https://saferpage.de/alarme/dlrg-jugend.de/export-csv",
        "runbook_markdown": "https://saferpage.de/alarme/dlrg-jugend.de/runbook-md",
        "delivery_json": "https://saferpage.de/alarme/dlrg-jugend.de/delivery-json",
        "report": "https://saferpage.de/dlrg-jugend.de",
        "change_center": "https://saferpage.de/aenderungen/dlrg-jugend.de",
        "monitoring": "https://saferpage.de/monitoring/domain/dlrg-jugend.de",
        "json_feed": "https://saferpage.de/monitoring/domain/dlrg-jugend.de/feed",
        "rss_feed": "https://saferpage.de/monitoring/domain/dlrg-jugend.de/feed?format=rss",
        "operator_board": "https://saferpage.de/betreiber/dlrg-jugend.de",
        "risk_center": "https://saferpage.de/risiko/dlrg-jugend.de"
    },
    "disclaimer": "Payloads sind Integrationsvorlagen. Webhook-Secret, Zielsystem, Empfaenger, Zugriffsschutz und reale Ticketfelder muessen Betreiber intern konfigurieren."
}
