SIEM Integration

Introduction

The JavaScript Threat monitoring module allows customers to gain visibility over the attacks against their own applications.

A real-time notification is sent to an external service (on Jscrambler premises) as soon as a violation occurs, such as your JavaScript code being tampered with or used in an environment or on a date different from the one(s) you have set in your protection configuration.

By default, you can monitor the Real-Time Notifications on your Dashboard - Live-Feed page.

You can also forward and aggregate this valuable security information into a SIEM (e.g. Elasticsearch, Splunk), which will help you automate the process of looking at audit logs and alerting.

To access the SIEM Integrations page, please go to the Jscrambler Dashboard, select the target application, and then click on the Integration link under the Setup section.

Integrations List

Currently, two types of drivers are available (detailed below), and your SIEM will most likely be compatible with them.

Note: you can have up to 10 integrations per Jscrambler application.

Elasticsearch

To set up Real-Time notifications with an Elasticsearch instance, select the Elasticsearch Notification driver in the dropdown box and click on the add button.

Fields marked with * are mandatory

Elasticsearch Modal

Configure the following parameters according to your Elasticsearch setup:

  • Title: Name of this integration
  • Uri: Network endpoint of your Elasticsearch instance (must be publicly available)
  • Accept All Certificates: turn on to allow self-signed certificates
  • Username/Password: client authorization to the Elasticsearch instance
  • Request Timeout (milliseconds): maximum amount of time to wait for the request to be completed
  • Max. Number of Retries: number of times the service attempts to deliver the Real-Time Notification once the first attempt fails
  • Elasticsearch Index: name of the Elasticsearch index where your notifications will be grouped
  • Elasticsearch Type: name of the Elasticsearch type

When you are done, click on the create button to validate and store the configured Elasticsearch integration.

At any time, you can make changes to or remove the Elasticsearch integrations.

Webhook

To set up Real-Time notifications with a Webhook, select the Webhook Notification driver in the dropdown box and click on the add button.

Fields marked with * are mandatory

Elasticsearch Modal

Configure the following parameters according to your SIEM (which should be capable of receiving HTTP(S) requests):

  • Title: Name of this integration
  • Endpoint to send a POST Request: Network endpoint of your HTTP(S) server instance (must be publicly available)
  • Basic Authentication Username/Password: client authorization to the HTTP(S) server
  • Support Self Signed Certificates: turn on to allow self-signed certificates
  • Max. Number of Retries: number of times the service attempts to deliver the Real-Time Notification once the first attempt fails

When you are done, click on the create button to validate and store the configured webhook integration.

At any time, you can make changes or remove the webhook integrations.
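
Example (added here, not part of the Jscrambler documentation or product): a minimal receiver for the Webhook driver that rejects any POST whose Basic Authentication credentials do not match the ones configured in the integration, which matters because the endpoint must be publicly available. The credentials, port, size cap and the assumption that the request body is JSON are illustrative; the notification schema is not described on this page.

```python
import base64
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed placeholders: set these to the Basic Authentication
# Username/Password entered in the Webhook integration form.
USERNAME = "siem-webhook"
PASSWORD = "change-me"
MAX_BODY = 64 * 1024  # assumed cap; the page states no payload size

def authorized(auth_header):
    """Constant-time check of an 'Authorization: Basic ...' header."""
    if not auth_header or not auth_header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return False
    user, sep, pwd = decoded.partition(":")
    ok_user = hmac.compare_digest(user.encode(), USERNAME.encode())
    ok_pwd = hmac.compare_digest(pwd.encode(), PASSWORD.encode())
    return bool(sep) and ok_user and ok_pwd

def handle_post(auth_header, body):
    """Return (HTTP status, parsed notification or None)."""
    if not authorized(auth_header):
        return 401, None
    try:
        # Assumption: the body is JSON; it is passed on unmodified.
        return 200, json.loads(body)
    except ValueError:
        return 400, None

class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        declared = self.headers.get("Content-Length", "")
        if not declared.isdigit() or int(declared) > MAX_BODY:
            status, event = 413, None  # missing or oversized body
        else:
            status, event = handle_post(self.headers.get("Authorization"),
                                        self.rfile.read(int(declared)))
        if status == 200:
            print(json.dumps(event))  # stand-in for forwarding to the SIEM
        self.send_response(status)
        self.end_headers()

if __name__ == "__main__":
    # Binds locally; terminate TLS in a reverse proxy in front of this port.
    HTTPServer(("127.0.0.1", 8080), Receiver).serve_forever()
```

Basic Authentication sends the credentials with every request, so expose the receiver over HTTPS only.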