Cisco Secure Access Alerts for Access Rules Changes, Overview

Alerts for Changes on Access Rules

Cisco Secure Access Alert Rules manage the configuration and administration of alerts for specific types of conditions on the organization's resources. You can configure an alert rule with an alert category and conditions, and a list of email recipients and a Webhook target.

Overview

The Secure Access Changes on Access Rules alert rule monitors the state of the changes on the Access policy for a Secure Access organization.

Secure Access monitors:

  • Creation of access rules or adding components or options on access rules
  • Deletion of access rules or removing components or options on access rules
  • Modification of access rules or updating components or options on access rules
  • Reordering the priority of access rules

Secure Access sends notifications formatted in JSON using the Secure Access Alert schema for Changes on Access Rules. For more information, see Event Format: Changes on Access Rules Alerts.

Get Started

To get started, add an Alert Rule in Secure Access and choose the methods for sending the notifications: email and Webhook. You can add your Alert Rules using the Secure Access user interface (UI) or Cisco Secure Access Alerting API. For more information, see Alerting API.

Set Up Alerts

  1. Deploy an HTTP listener in your on-premises or cloud environment. The target system must support Basic authentication with a username and password and accept HTTP POST messages.
  2. Add a Webhook in Secure Access as a Third-party integration. Configure the Webhook with the URL and Basic authentication credentials of the HTTP listener. For more information, see Third-Party Integrations API.
  3. Validate that your target system receives the Secure Access alerts.

Sample JSON Alert Message: Changes on Access Rules

{
    "dataContentType": "application/json",
    "id": "2e4df7c0-69b9-5d8d-8cc7-b447baefad4e",
    "integrationids": "webhook.v1:14af766b-3fe7-4b9e-be74-29c4801ec2df",
    "orgid": "1234567",
    "source": "secureaccess.alerts",
    "specVersion": "1.0",
    "time": "2026-01-30T09:49:38Z",
    "type": "secureaccess.alerts.accessrulechanges.v1",
    "data": {
      "alerts": [
        {
          "alertId": "AL-351-8262543-1769766578478-c496c878c1bf4048",
          "alertType": "Rule creation, deletion, changing or reordering ",
          "category": "Access rule changes",
          "changesMade": "Rule changed",
          "conditionsApplied": {
            "conditions": [
              "Access rule : 1288271f-2d23-4619-9ecb-ab8428ede70e"
            ]
          },
          "redirectUrl": "https://dashboard.int.sse.cisco.com/org/1234567/secure/policy?ruleId=845",
          "ruleId": 351,
          "ruleName": "Webhook schema 1",
          "severity": "medium",
          "status": "active",
          "time": "2026-01-30T09:49:38.478700815Z",
          "user": "1288271f-2d23-4619-9ecb-ab8428ede70e"
        }
      ]
    }
}

JSON Alert Schema: Changes on Access Rules

You can download the Cisco Secure Access Changes on Access Rules Alert schema at Cisco Secure Access Changes on Access Rules Alerts Schema.