Step 3: Set up notifications for vulnerabilities

Notifications allow third-party platforms to ingest information through webhooks. Currently, Secure Application in Splunk Observability Cloud only supports HTTP-based notifications.

How notifications work

The Secure Application JVM agent sends library dependency information to Secure Application. Certain conditions related to this information triggers a notification, such as:

  • Secure Application identifies a new vulnerability match.
  • A matched library disappears (due to an upgrade).
  • Secure Application finds a new vulnerability on an existing library.

When a notification is triggered, Secure Application delivers that notification directly to the endpoint you specified when you set up the notification rule. Your specified endpoint receives a predefined JSON payload containing information about the vulnerability.

Create a rule to send a notification:

  1. Select Application Security > Notifications > Create notification rule.

  2. Specify settings for the new rule:

    • Rule name: Name of the rule.

    • URL: Endpoint to deliver the notification to.

    • Bearer token:

      To send notifications to Splunk Cloud or Splunk Platform

      1. Generate an HTTP Event Collector (HEC) token that allows access to your account. To learn more, see Set up and use HTTP Event Collector in Splunk Web.

      2. Paste the HEC token you generated into the Bearer token field. Example: Splunk hec-token.

      To send notifications to other platforms

      Enter the Authorization: Bearer header value (token) for your webhook URL auth.

    • Environment: List of allowed services as a filter. Optional.
    • Service: List of allowed environments as a filter. Optional.
  3. Select Activate.