August 6, 2019 By jason-mcalpin 3 min read

We are excited to announce the new Notification capability in Security Advisor.

The lifecycle activities of a typical security and compliance posture management—or any cybersecurity framework—will include detecting threats and responding to those security events.

IBM Cloud Security Advisor is the go-to security console for posture management. You can view and analyse the threats, vulnerabilities, and findings from your security tools in one dashboard with Security Advisor.

We are excited to announce the new Notification capability in Security Advisor to alert security focals on critical findings.

To get started, you can add a notification channel and then configure it to use a webhook URL. Security Advisor notifies you by invoking the actions that you specify in the webhook. For example, you might run playbook to trigger PagerDuty or forward the findings to a SIEM product for further investigation.

Try it out!

Ready to try out notifications for yourself? You can use the sample code that we’ve provided that runs on Node.js, or you can walk through while using your own code.

Create a Cloud Function

A Cloud Function is a piece of code that runs only in response to a trigger, which means that you don’t have to pay for or maintain servers while they’re idle. To get started, go to the Functions dashboard in the IBM Cloud GUI:

  1. Select the Actions tab, click Create, and then click Create new action.
  2. Give the action a name and choose the default.
  3. Select a runtime. If you’re using the sample, select Node.js.
  4. Click Create. Now you’re ready to add code.
  5. Add your own or use the sample code that we’ve provided. 
  6. Retrieve web action URL—click on the action you created in the Actions Page. Retrieve the web action URL by following the Endpoints in the left navigation of the resulting page.

Add a notification channel

Now that you have a Function and a web action URL, you’re ready to connect the action to Security Advisor.

  1. Open your Security Advisor dashboard and select Notification channels from the navigation.
  2. Click Add notification channel and provide a name.
  3. Select Webhook from the Method drop-down.
  4. Enter the web action URL that you obtained from the Cloud Functions UI.
  5. Click Save.

Now, you can see the channel in your notification channel list.

Test the configuration

To ensure that your configuration is set up correctly, click Test connection in the overflow menu of the channel that you created. Security Advisor sends a notification that contains fake data to your Cloud Function. If everything is configured correctly, your Function runs.

From now on, whenever a new finding is received by Security Advisor for your account, a GitHub issue is created or a Slack alert is sent based on the severity of the finding.

Feedback and questions

We’d love to hear your feedback and questions. For technical questions, check out Stack Overflow with the security-advisor and ibm-cloud tags. For non-technical questions, use IBM developerWorks with the security-advisor tag. To get started for free, see the IBM Cloud Security Dashboard.

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters