Monitor the Security and Compliance posture using Email subscriptions from IBM Cloud Event Notifications

Pradeep Gopalgowda
6 min read · Apr 14, 2022

As a security or compliance focal, you can use the IBM Cloud Security and Compliance Center to help ensure that your organisation is adhering to the external and internal standards for your industry. By using the Security and Compliance Center to validate the resource configurations in your account against a profile, you can identify potential issues as they arise.

What is IBM Cloud Event Notifications?

IBM Cloud® Event Notifications is an event notification routing service that notifies you of critical events that occur in your IBM Cloud account or triggers automated actions by using webhooks. You can filter and route event notifications from IBM Cloud services, like Availability Monitoring, to email, SMS, push notifications and webhooks.

How are events collected and sent by Security and Compliance Center?

When an event of interest takes place in the Security and Compliance Center, the service communicates with a connected Event Notifications instance to forward a notification to a supported destination.

Security and Compliance Center aggregates a list of your pending notifications by event type. The service checks for and dispatches any pending notifications to the connected Event Notifications service as they occur in the system. For example, you might receive notifications that are similar to the following messages:

  • A validation scan of your resources was completed.
  • A new resource was found in your inventory.
  • Control failures exceeded the threshold limit.
  • A Security Insights finding was reported for your account.

Step 1: Create an IBM Cloud Event Notifications service instance

  1. Log in to your IBM Cloud account.
  2. In the IBM Cloud catalog, search Event Notifications > Event Notifications.
  3. Select a region from the list of supported regions and select a pricing plan.
  4. Provide a Service name.
  5. Select a resource group.
  6. Click Create.
IBM Cloud Event Notifications

Step 2: Connecting to Event Notifications in the Security and Compliance Center

After signing in to IBM Cloud, you can access the Security and Compliance Center:

SCC Global Settings
  1. By clicking the Menu icon > Security and Compliance in the navigation.
  2. In the Security and Compliance Center navigation, click Global settings.
  3. In the Event Notifications section, click Connect.
  4. In the side panel, review the source details for the connection. Optionally, provide a description.
  5. Select the resource group and Event Notifications service instance that you want to connect.

If an IAM authorization between Security and Compliance Center and Event Notifications doesn’t exist in your account, a dialog is displayed. Follow the prompts to grant access between the services.

To grant access between Security and Compliance Center and Event Notifications:

  • Click Authorize.
  • In the side panel, select Event Notifications as the target service.
  • From the list of instances, select the Event Notifications service instance that you want to authorize.
  • Select the Event Source Manager role.
  • Click Review.
  • Click Assign.

  6. To confirm the connection, click Connect.

Connecting to IBM Cloud Event Notifications

A success message is displayed to indicate that Security and Compliance Center is now connected to Event Notifications. If you need to disconnect from Event Notifications later, you can use the options menu > Disconnect to remove the Security and Compliance Center as a source service in the Event Notifications instance.

Step 3: Verify the Security and Compliance Center source in IBM Cloud Event Notifications

1. Click the menu icon > Resource list.

2. Open Services and software.

3. Open the IBM Cloud Event Notifications instance you created.

4. Click Sources.

When you connect to Event Notifications in the Security and Compliance Center UI, a source is automatically added to your IBM Cloud Event Notifications Sources list.

SCC as a Source

Step 4: Create an IBM Cloud Event Notifications Destination

In this step you will make sure that an email destination exists where notifications will be forwarded.

  1. Click Destinations.
  2. Notice in the Destinations list that, by default, there is an IBM Cloud Email service defined. You do not need to do anything else to configure an email destination.

Note: If you wanted to add a webhook as a destination, you would click Add and provide the appropriate information in the Add a destination panel.

Email Destination

Step 5: Create an IBM Cloud Event Notifications topic

Next you will define an IBM Cloud Event Notifications topic that will receive an event from Security and Compliance Center.

1. Click Topics.

2. Click Create. The Topic details panel opens.

3. In the Topic details enter the following:

  • Enter the Name for your topic. For example, VulnerabilityScan.
  • For Source select the IBM Cloud Event Notifications source, which is the Security and Compliance Center.
  • Select an Event Type. For this tutorial select Vulnerability Advisor.
  • Select an Event subtype. For this tutorial select Vulnerabilities found in container images.
  • Select a Severity. For this tutorial select High Severity.

4. Click Add a condition. (If you do not click Add a condition before you click Create, the topic will be created with no conditions associated with it.)

5. Click Create. Your topic will be displayed in the Topics list.

Note: Click Add a condition without selecting any Event Type to send the test event from Security and Compliance Center.

Create a topic

Step 6: Create an IBM Cloud Event Notifications Email Subscription

In this step you will configure who will receive an email when a notification is processed.

  1. Click Subscriptions.
  2. Click Create. The Create a subscription panel opens.
  3. In the Create a subscription panel enter the following:
  • Enter the Name for your subscription. For example, VulnerabilityAdvisor.
  • For Topic select the topic you created. For example, VulnerabilityScan.
  • For Destination select IBM Cloud Email service.
  • For Recipients enter a valid email address, for example, MyEmail@MyCompany.com

4. Click Create. Your subscription will be added to the Subscriptions list.

Create a Subscription
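To see how the topic conditions from Step 5 and the subscriptions from Step 6 decide who gets an email, here is a simplified routing model. It is an added example, not IBM's code or the service's real payload schema: the field names, the `AllSccEvents` and `NoConditions` topics, the extra addresses and the "Medium Severity" value are constructed, and it assumes a topic with no conditions forwards nothing.

```python
from dataclasses import dataclass, field
from typing import Optional

SCC = "Security and Compliance Center"

@dataclass(frozen=True)
class Condition:
    # None = field left unselected in the Topic details panel (matches anything).
    event_type: Optional[str] = None
    subtype: Optional[str] = None
    severity: Optional[str] = None

    def matches(self, event: dict) -> bool:
        wanted = {"type": self.event_type, "subtype": self.subtype,
                  "severity": self.severity}
        return all(v is None or event.get(k) == v for k, v in wanted.items())

@dataclass
class Topic:
    name: str
    source: str
    conditions: list = field(default_factory=list)

    def accepts(self, event: dict) -> bool:
        # Assumption: a topic with no conditions forwards nothing.
        return event.get("source") == self.source and any(
            c.matches(event) for c in self.conditions)

def recipients(event, topics, subscriptions):
    """Email addresses that receive `event`; subscriptions are (topic, email) pairs."""
    hit = {t.name for t in topics if t.accepts(event)}
    return sorted({email for topic, email in subscriptions if topic in hit})

# Constructed configuration mirroring Steps 5 and 6.
TOPICS = [
    Topic("VulnerabilityScan", SCC, [Condition(
        "Vulnerability Advisor", "Vulnerabilities found in container images",
        "High Severity")]),
    Topic("AllSccEvents", SCC, [Condition()]),  # hypothetical catch-all topic
    Topic("NoConditions", SCC),                 # created without "Add a condition"
]
SUBSCRIPTIONS = [("VulnerabilityScan", "MyEmail@MyCompany.com"),
                 ("AllSccEvents", "soc@example.com"),
                 ("NoConditions", "unused@example.com")]

# Constructed events with simplified fields.
TEST_EVENT = {"source": SCC, "type": "Test event"}
HIGH_VULN = {"source": SCC, "type": "Vulnerability Advisor",
             "subtype": "Vulnerabilities found in container images",
             "severity": "High Severity"}
MEDIUM_VULN = dict(HIGH_VULN, severity="Medium Severity")
```

In this model the test event reaches only the catch-all topic, which is why a topic filtered to High Severity Vulnerability Advisor findings stays silent when you send a test event.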

Step 7: Sending a test event to Event Notifications from the UI

After you enable notifications for Security and Compliance Center, test your connection to ensure that the events that are generated by Security and Compliance Center are being forwarded to Event Notifications.

  1. In the Security and Compliance Center UI, click Global settings.
  2. In the Event Notifications section, click Send test event.

A success message is displayed to indicate that the test event was forwarded successfully to Event Notifications.

You should start receiving email notifications at the email address that you configured whenever the criteria defined in both Security and Compliance Center and IBM Cloud Event Notifications match.

Email Notification

Cheers! For setting up webhooks, check out the Event Notifications documentation.
