This app provides policy management capabilities for Runtime App Security
Summary
The Secure Application app for Splunk SOAR enables security analysts to automate the management of application runtime security policies directly from their SOAR playbooks. By integrating runtime application security with Splunk's orchestration capabilities, teams can respond to threats faster, reduce manual effort, and enforce consistent security policies across their applications.
About Secure Application
Traditional vulnerability tools often create noise, making it difficult to distinguish real threats from theoretical risks. Secure Application, integrated with Splunk AppDynamics, eliminates these silos by providing security and observability in a single solution. It helps you:
- Detect runtime vulnerabilities and attacks in real time, directly within your applications.
- Prioritize threats based on actual business risk and impact, not just generic severity scores.
- Streamline collaboration between application and security teams with actionable intelligence delivered to the Splunk tools you already use.
According to Splunk’s State of Security 2025 report, 74% of organizations identify DevSecOps as a critical skills gap. This integration helps bridge that gap by embedding security directly into your operational workflows.
Automated Use Cases
Integrate these actions into your playbooks to orchestrate advanced security workflows:
- Automated Threat Response: When Splunk SIEM detects a critical application-layer attack, trigger a SOAR playbook that uses this app to automatically update the relevant policy in Secure Application to block the malicious behavior instantly.
- Policy-as-Code Enforcement: Use a playbook to synchronize runtime policies in Secure Application with a source of truth, such as a Git repository or a change management ticket, ensuring consistent and auditable policy enforcement.
- Compliance and Auditing: Schedule a playbook to run periodically, using the List Policies action to compare active policies against a defined compliance baseline and create alerts for any deviations.
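The baseline comparison in the Compliance and Auditing use case, as an added example that is not the app's own code. The policy field names (`id`, `type`, `action`), the policy type strings and the sample data are assumptions made for illustration; only the detect, ignore and block actions come from this page.

```python
# Added example. Field names ("id", "type", "action") and the sample data are
# constructed assumptions, not the app's documented "list all policies" output.
STRENGTH = {"ignore": 0, "detect": 1, "block": 2}  # the three rule actions, weakest first

BASELINE = {  # hypothetical compliance baseline: policy type -> minimum action
    "command-execution": "block",
    "filesystem-access": "detect",
    "network-socket-access": "block",
}

ACTIVE = [  # constructed stand-in for the policies a playbook would fetch
    {"id": "p-1", "type": "command-execution", "action": "detect"},
    {"id": "p-2", "type": "filesystem-access", "action": "detect"},
    {"id": "p-3", "type": "http-header", "action": "block"},
]


def policy_drift(baseline, active):
    """Return sorted (kind, policy_type, detail) tuples for every deviation."""
    findings, by_type = [], {}
    for pol in active:
        ptype, pid, action = str(pol.get("type")), pol.get("id"), pol.get("action")
        if action not in STRENGTH:
            # Never treat an unrecognised action as compliant.
            findings.append(("invalid", ptype, f"{pid}: unknown action {action!r}"))
        elif ptype not in baseline:
            findings.append(("unexpected", ptype, f"{pid}: not in baseline"))
        else:
            by_type.setdefault(ptype, []).append((pid, action))
    for ptype, want in baseline.items():
        if ptype not in by_type:
            findings.append(("missing", ptype, f"expected at least {want}"))
        for pid, have in by_type.get(ptype, []):
            if STRENGTH[have] < STRENGTH[want]:
                findings.append(("weakened", ptype, f"{pid}: {have}, baseline {want}"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, ptype, detail in policy_drift(BASELINE, ACTIVE):
        print(f"{kind:10} {ptype:22} {detail}")
```

A policy that is stricter than the baseline is treated as compliant; only missing, weakened, unexpected and unparseable entries are reported.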
Requirements
This app connects to the cloud-hosted version of Secure Application.
Supported Actions
- test connectivity: Validate the asset configuration for connectivity using supplied configuration
- create new policy: Create a policy for an attack or vulnerability at runtime
- create new policy for http transaction header: Create a policy for headers in HTTP transactions
- delete policy: Delete a runtime policy given its ID
- get policy by id: Retrieve details of a specific policy using its ID
- list all policies: Fetch and display all existing policies
- update policy: Update an existing policy given its ID
- add a rule to command execution policy: Add a rule to the command execution policy to detect, ignore or block the runtime activity
- add a rule to filesystem access policy: Add a rule to the filesystem access policy to detect, ignore or block the runtime activity
- add a rule to network or socket access policy: Add a rule to the network or socket access policy to detect, ignore or block the runtime activity
- delete a rule from command execution policy: Delete a rule from the command execution policy
- delete a rule from filesystem access policy: Delete a rule from the filesystem access policy
- delete a rule from network or socket access policy: Delete a rule from the network or socket access policy
- list all rules: List all rules in a policy given its policy ID