Alerts Using Cisco Secure Application

The Alerts tab allows you to configure email and HTTP based alerts. You can set up actions to get alerted when Cisco Secure Application detects new attacks, vulnerabilities, or business risks. 

Only users with Edit (admin or tenant level) permission can access Alerts. An RBAC user with less privileges than admin or tenant level cannot create alerts. 

Create an HTTP Alert 

1. From the Cisco Secure Application dashboard, navigate to Alerts. 
2. From the HTTP tab, click + Add Action. 
3. Enter the Action Name. 
   Do not use special characters in the Action Name.
4. Select the Event Type: Vulnerability, Business Risk, or Attack. 
5. Click Next.
6. Enter following Action Details:
   • Method Type: POST
   • Encoding: UTF-8
   • (Optional) Applications: Select up to 100 applications that this action applies to from the pull-down list. You can filter the list by typing into it. By default, this action applies to all applications. 
   • Raw URL: Enter the Raw URL of your HTTP request.
7. Click Next.

8. For Authentication Type, select:

   • None – if  the communication is not encrypted
   • Basic and enter your username and password
   • Bearer Token and enter your token
9. Click Next. 
10. (Optional) Specify custom headers for the request.
11. Click Next.
12. Add Payload. The payload must be valid JSON.
    You can copy Predefined Variables, and paste the variables in the Editor. For example, if you select Business Risk as the Event Type, then you can view business transaction variables when you Add Payload. 
    
    

    Select the predefined variable $attack.events to include details related to any vulnerability associated with the attack in the payload. 

    Select the predefined variable $attack.events to include up to 256 lines of the stack trace in the payload.

13. Confirm and review the following information: cURL, General Information, Actions, Security, Custom Headers, and Payload.
    
    Sample payload for ServiceNow: 
    
    
    Sample action that applies only to a few applications:
    
14. Click Save. 
    Once you click Save, default Rules are automatically generated. To see the rules, click the Rule tab. If you specified which applications this action applies to, those applications are listed on the Rules tab in the Application column.

Create an Email Alert 

You can also view <= 100 vulnerabilities, business risks, or attacks per email notification. To view > 100 vulnerabilities, business risks, or attacks, sign in to the UI. 

1. From the Cisco Secure Application dashboard, navigate to Alerts. 
2. Click the Email tab, then click + Add Action. 
3. Enter the Action Name. 
   Do not use special characters in the Action Name.
4. Select the Event Type: Vulnerability, Business Risk, or Attack. 
5. Click Next.
6. Enter following Action Details:
   1. (Optional) Select Notify directly in case of an exploited attack, if you would like to receive email alerts for exploited attacks. 
   2. Email
   3. Email Digest
7. Click Next. 
8. Select fields to report and click Next. 
9. Confirm and review the following information: General Information, Actions, Fields. 
10. Click Save. 
    Once you click Save, default Rules are automatically generated.