Alerts Using Cisco Secure Application

This page focuses on the Alerts feature using Cisco Secure Application. The Alerts tab allows you to configure email and HTTP based alerts. You can set up Actions to get alerted when new vulnerabilities or business risks are detected. 

Only users with the Edit permission can access Alerts. 

Create an HTTP Alert 

1. From the Cisco Secure Application dashboard, navigate to Alerts. 
2. From the HTTP tab, click + Add Action. 
3. Enter the Action Name. 
   Do not use special characters in the Action Name.
4. Select the Event Type: Vulnerability, Business Risk, or Attack. 
5. Click Next.
6. Enter following Action Details:
   1. Method Type: POST
   2. Encoding: UTF-8
   3. Raw URL: Enter the Raw URL of your HTTP request.
7. Click Next.

8. For Authentication Type, select:

   • None – if  the communication is not encrypted
   • Basic and enter your username and password
   • Bearer Token and enter your token
9. Click Next. 
10. (Optional) Specify custom headers for the request.
11. Click Next.
12. Add Payload. The payload must be valid JSON.
    You can copy Predefined Variables, and paste the variables in the Editor. For example, if you select Business Risk as the Event Type, then you can view business transaction variables when you Add Payload. 
    
    

    Select the predefined variable $attack.events to include details related to any vulnerability associated with the attack in the payload. 

    Select the predefined variable $attack.events to include up to 256 lines of the stack trace in the payload.

    
    
13. Confirm and review the following information: cURL, General Information, Actions, Security, Custom Headers, and Payload.
    Example payload for ServiceNow: 
    
    
14. Click Save. 
    Once you click Save, default Rules are automatically generated. 

Create an Email Alert 

You can also view <= 100 vulnerabilities, business risks, or attacks per email notification. To view > 100 vulnerabilities, business risks, or attacks, sign in to the UI. 

1. From the Cisco Secure Application dashboard, navigate to Alerts. 
2. Click the Email tab, then click + Add Action. 
3. Enter the Action Name. 
   Do not use special characters in the Action Name.
4. Select the Event Type: Vulnerability, Business Risk, or Attack. 
5. Click Next.
6. Enter following Action Details:
   1. (Optional) Select Notify directly in case of an exploited attack, if you would like to receive email alerts for exploited attacks. 
   2. Email
   3. Email Digest
7. Click Next. 
8. Select fields to report and click Next. 
9. Confirm and review the following information: General Information, Actions, Fields. 
   
10. Click Save. 
    Once you click Save, default Rules are automatically generated.