GRC Integration
Webhooks enable instant communication between systems. In this case, the ASCERA Splunk solution can be configured to communicate outward when the compliance state of a control changes or when evidence is uploaded. By setting up a listening endpoint in your GRC solution, you can receive real-time updates with the status details and evidence.
Although referred to as "GRC Integration," it's essential to understand that this feature facilitates outbound webhooks for seamless integration with external platforms. While it enables communication with your GRC solution, its functionality extends beyond internal processes. By configuring outbound webhooks, ASCERA for Splunk can relay real-time updates regarding compliance status changes and evidence uploads to other systems. This capability ensures interoperability with various platforms, enhancing the versatility and scalability of your compliance management infrastructure.
The GRC Integration capability has two webhooks, one for status events and one for evidence events:
- Status
  - Manual change of status at the objective or control level
  - Continuous control monitoring (CCM) events
  - These events will send a status payload
- Evidence
  - Manual upload or modification of evidence at the objective or control level
  - Automated collection of evidence (ACE) events
  - These events will send an evidence payload
Testing GRC Integration
To test the functionality of GRC Integration before integrating it with your own solutions, you can use the free platform Webhook.site. Follow the steps below:
- Access webhook.site: Visit https://webhook.site/ in your web browser.
- Create a New Endpoint: Upon accessing the website, you'll be provided with a unique URL that represents your endpoint. Keep this URL handy as you'll need it for testing.
- Add GRC Integration:
  - Within your ASCERA Splunk software, locate and click the "Add GRC Integration" button.
- Name your GRC:
  - Enter a name for your GRC in the provided field.
- Set up Status Webhook:
  - Enter a name for the Status webhook.
  - Enter the unique URL provided by https://webhook.site/ into the URL field.
  - Enter any desired authentication token into the Authentication token field.
- Set up Evidence Webhook:
  - Enter a name for the Evidence webhook.
  - Enter the same unique URL provided by https://webhook.site/ into the URL field.
  - Enter any desired authentication token into the Authentication token field.
- Enable Webhooks:
  - Ensure that both webhooks are enabled by toggling the switches if they're not already enabled.
- Save Configuration:
  - Once all fields are filled and the webhooks are enabled, click the "Save" button to confirm your configuration.
- Test the Integration:
  - Return to https://webhook.site/ and navigate to the URL provided earlier.
  - Within a few moments of saving your configuration, you should see incoming requests reflecting the status and evidence payloads sent by ASCERA for Splunk.
By following these steps, you can observe how ASCERA for Splunk communicates with external systems via webhooks, using https://webhook.site/ as a testing platform. This allows you to verify the functionality and ensure seamless integration before implementing it within your own solutions.
Viewing Payload Examples
Once you've successfully configured your GRC Integration and tested it with https://webhook.site/, you may want to examine the structure of the payloads sent by ASCERA for Splunk. Below are examples of the payloads that you can expect to receive:
Status payload example:
{
  "timestamp": 1713796201,
  "frameworkName": "CMMC 2.0",
  "controlId": "SC.L2-3.13.9",
  "objective": "b",
  "newStatus": "Met",
  "reason": "1 events with prolonged sessions duration (more than 7 days) found, including 0 source device(s) and 0 destination device(s) from 0 sourcetype(s).\n\n\n\n\n\n",
  "reasonTitle": "1 events with prolonged sessions duration (more than 7 days) found, including 0 source device(s) and 0 destination device(s) from 0 sourcetype(s).",
  "author": "splunk-system-user",
  "oldStatus": "Met"
}
Evidence payload (supporting details):
{
  "name": "ASCERA Status Check - SC.L2-3.13.9 - Long Lived Network Connections",
  "controlId": "SC.L2-3.13.9",
  "objective": "b",
  "frameworkName": "CMMC 2.0",
  "author": "splunk-system-user",
  "reason": "1 events with prolonged sessions duration (more than 7 days) found, including 0 source device(s) and 0 destination device(s) from 0 sourcetype(s).\n\n\n\n\n\n",
  "reasonTitle": "1 events with prolonged sessions duration (more than 7 days) found, including 0 source device(s) and 0 destination device(s) from 0 sourcetype(s).",
  "value": {
    "cui_system_splunk_id": "default_system",
    "rows_count": "1",
    "num_of_durations": "0",
    "num_of_sourcetypes": "0",
    "num_of_sources": "0",
    "num_of_destinations": "0",
    "assessment_objective_letter": "b",
    "control": "SC.L2-3.13.9",
    "control_owner": "Owner",
    "control_status": "Met",
    "control_status_current": "Met",
    "control_supercedes_until": "0"
  },
  "timestamp": 1713796201
}
By examining these payload examples, you can gain insights into the data structure and information provided by ASCERA for Splunk via webhooks. This understanding can be valuable when integrating with your own systems and processing incoming webhook data effectively.
Integrating Your Solutions with ASCERA Splunk
Now that you've successfully tested GRC Integration and reviewed the payload examples, you're ready to integrate ASCERA for Splunk with your own solutions.
Consult your documentation for API information. Some custom mapping will be necessary, using a solution capable of mapping API calls, such as Zapier.
Follow the steps below to seamlessly incorporate ASCERA for Splunk into your compliance management infrastructure:
- Determine Integration Points:
  - Identify the specific areas within your compliance management system where you intend to integrate ASCERA for Splunk. Whether it's updating compliance status dashboards, triggering alerts based on evidence uploads, or automating compliance workflows, pinpoint the integration points that align with your objectives.
- Configure Webhook Endpoints:
  - Within your own solution, set up webhook endpoints to receive status and evidence payloads from ASCERA for Splunk. Ensure that the endpoints are accessible and capable of processing incoming webhook data securely.
- Implement Payload Processing Logic:
  - Develop logic within your solution to parse and interpret the incoming status and evidence payloads received from ASCERA for Splunk. Depending on your requirements, this may involve updating database records, triggering automated actions, or generating compliance reports.
- Handle Authentication and Authorization:
  - If authentication tokens are used to secure the webhooks, ensure that your solution is configured to validate and authenticate incoming requests from ASCERA for Splunk. Implement proper authorization mechanisms to restrict access and maintain data integrity.
- Manage GRC Integrations:
  - After creating a GRC Integration within ASCERA for Splunk, you have the option to update or delete it as needed. Simply navigate to the GRC Integration table, where you'll find action icons for these operations. Use the update icon to modify any configuration settings, such as URLs or authentication tokens, and use the delete icon to remove the integration entirely.
By following these steps and utilizing the update and delete options for GRC integrations as necessary, you can seamlessly integrate ASCERA for Splunk with your own solutions, enhancing your compliance management capabilities and streamlining your workflow processes.
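An added example for the endpoint, payload-processing and authentication steps above (not ASCERA's or this page's own code): a framework-independent handler that checks the token before parsing anything, then classifies the body using the fields shown in the two payload examples. It assumes the token arrives as "Authorization: Bearer <token>", which the page does not state; handle_webhook, MAX_BODY and the returned record layout are hypothetical names chosen for this example.

```python
import hmac
import json

# Assumption: the token arrives as "Authorization: Bearer <token>". The page does
# not name the header; confirm it from a request captured during testing.
TOKEN_HEADER = "authorization"
COMMON = {"timestamp", "frameworkName", "controlId", "objective", "author"}
MAX_BODY = 64 * 1024  # size limit chosen for this example

# Status payload from the page, with the long "reason" fields trimmed.
SAMPLE_STATUS = (b'{"timestamp": 1713796201, "frameworkName": "CMMC 2.0", '
                 b'"controlId": "SC.L2-3.13.9", "objective": "b", "newStatus": "Met", '
                 b'"author": "splunk-system-user", "oldStatus": "Met"}')


def handle_webhook(headers, body, expected_token):
    """Return (http_status, result); the body is not parsed before the token check."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    presented = hdrs.get(TOKEN_HEADER, "").removeprefix("Bearer ").strip()
    # Constant-time comparison avoids leaking how much of the token matched.
    if not presented or not hmac.compare_digest(presented.encode(), expected_token.encode()):
        return 401, {"error": "invalid token"}
    if len(body) > MAX_BODY:
        return 413, {"error": "body too large"}
    try:
        payload = json.loads(body)
    except ValueError:  # also covers invalid UTF-8 in a bytes body
        return 400, {"error": "malformed JSON"}
    if not isinstance(payload, dict) or not COMMON.issubset(payload):
        return 422, {"error": "missing required fields"}
    # Classify by the fields that differ between the two payload examples.
    if {"newStatus", "oldStatus"}.issubset(payload):
        kind = "status"
    elif "name" in payload and isinstance(payload.get("value"), dict):
        kind = "evidence"
    else:
        return 422, {"error": "unrecognised payload shape"}
    record = {"kind": kind, "control": payload["controlId"],
              "objective": payload["objective"], "timestamp": payload["timestamp"]}
    if kind == "status":
        record["status"] = payload["newStatus"]
        # The sample has oldStatus == newStatus: an event is not always a change.
        record["changed"] = payload["newStatus"] != payload["oldStatus"]
    else:
        record["evidence_name"] = payload["name"]
        record["details"] = payload["value"]
    return 200, record
```

Call the function from whatever HTTP framework hosts your endpoint, passing the raw request headers and body, and return the first element as the response status.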