Custom findings in IBM Cloud Security Advisor

The IBM Cloud Security Advisor allows for centralized security management. It offers a unified dashboard that alerts security administrators for an IBM Cloud account of issues and helps them in resolving the issues. The advisor supports the integration of third-party vendors as well as custom findings. Using a REST API or programming language SDKs, it is possible to manage your own security metrics - from creating incident types and events to displaying them on the unified dashboard.

Overview

This repository has code

• for an interactive tool to work with Security Advisor objects,
• sample objects that can be created using the tool and be used by
• Cloud Functions actions which scan for custom security events and create related findings in the Security Advisor.

The setup and usage instructions are provided in a separate document.

The code is also discussed in the following posts on my blog:

• Extend IBM Cloud Security Advisor with your own security metrics
• Manage your Security Advisor custom findings from the command line
• Use Cloud Functions for security scans (IBM Cloud Security Advisor)

Similar posts have also been published on the IBM Cloud blog:

• Extend IBM Cloud Security Advisor With Your Own Security Metrics
• Manage Your Security Advisor Custom Findings from the Command Line
• Use Cloud Functions to Perform Security Scans in Security Advisor

License

See the License file.