The JavaScript Threat monitoring module allows customers to gain visibility over the attacks against their own applications.
A Real-time notification is sent to an external service (on Jscrambler Premises) as soon as some kind of violation occurs such as your JavaScript code being tampered with or used in a different environment or date from the one(s) you have set on your protection configuration.
By default, you can monitor the Real-Time Notifications on your Dashboard - Live-Feed page.
You can also forward and aggregate this valuable security Information into a SIEM (e.g. Elasticsearch,Splunk) which will help you automate the process of looking at audit logs and alerting.
To access the SIEM Integrations page, please go to the Jscrambler Dashboard, select the target application,and then click on the Integration link under the Setup section.
Currently, we have available two types of drivers (detailed below) that your SIEM will most likely be compatible with.
Note: you can have up to 10 integration per Jscrambler application.
To set up Real-Time notifications with an Elasticsearch instance, select Elasticsearch Notification driver on the dropdown box and click on the add button.
Fields marked with * are mandatory
Configure the following parameters according to your elasticsearch set up:
When you are done, click on the create button to validate and store the configured elasticsearch integration.
At any time, you can make changes or remove the elasticsearch integrations.
To set up Real-Time notifications with a Webhook, select Webhook Notification driver on the dropdown box and click on the add button.
Fields marked with * are mandatory
Configure the following parameters according to your SIEM (should be capable of receiving http(s) requests):
When you are done, click on the create button to validate and store the configured webhook integration.
At any time, you can make changes or remove the webhook integrations.