The Notification feature allows you to select the modules for which you want to receive email/Slack notifications when either an event occurs or the configured threshold is exceeded. You can select the modules and set the severity level for the modules to receive notifications.
Notifications can be sent to email or to a Slack channel:
- Email notifications are sent to the email address(es) configured in System Alert Email Address on the BASIC > Administration page in the Email Notification section.
- Slack notifications are sent to the channel configured in BASIC > Administration > Slack Notification section.
Also, on the BASIC > Notifications page you can set the following:
- The threshold limit for the hardware components and attack categories in the Global Threshold section.
- The threshold limit for each attack type per service in the Service Threshold section. For more information on attack categories, see Attacks Description - Action Policy.
The severity level determines how critical an event is for the system. The following table lists the severity level and its description:
| Severity | Description |
|---|---|
| Emergency | Event generated when the system is in an unusable state (highest priority). |
| Alert | Event generated when an immediate action is required. |
| Critical | Event generated when the system is in critical condition. |
| Error | Event generated when there is an error processing the request. |
| Warning | Event generated when an action is required to be taken on a particular module configuration or process. If no action is taken, an error might occur. Example: “Encryption Key is going to expire within 5 days”. |
| Notice | Events generated when an unusual activity is noticed. No immediate action is required. |
Configure Threshold Limits
- Go to the BASIC > Notifications page.
- In the Global Threshold section, configure the threshold limit for hardware components and attack categories.
- In the Service Threshold section, configure the threshold limit for attack types per service.
- Click Save.
Enable Notification for the Modules
- Go to the BASIC > Notifications page.
- In the Notification Configuration section, identify the modules for which you want to receive email notifications.
- Select the check box(es) next to the modules.
- Select the severity level.
- Click Save.
Examples
Example 1: Configure Notification Alerts for Hardware Components and Attack Categories:
- Go to the BASIC > Notifications page.
- In the Global Threshold section:
- Enter the threshold value for hardware components and attack categories you desire. For example: CPU Temperature - 60, Firmware Storage - 70, SQL Attacks - 100, XSS Injections - 50.
- In the Notification Configuration section:
- Set Severity to Alert.
- Select the Threshold Controlled checkbox under Module.
- Click Save.
Example 2: Configure Notification Alerts for Specific Attack Types under each Service
- Go to the BASIC > Notifications page.
- In the Service Threshold section:
- Enter the name of the attack in Event Type, configure the threshold value for the attack, and click Add. You can add multiple attack types under each service. For example: Cross-Site Scripting in URL - 5, Query Length Exceeded - 200, etc.
- In the Notification Configuration section:
- Set Severity to Alert.
- Select the Threshold Controlled checkbox under Module.
- Click Save.
Example 3: Configure Notification Alerts for Specific Modules
- Go to the BASIC > Notifications page.
- In the Notification Configuration section:
- Select the severity level (Emergency, Alert, Critical, Error, Warning and/or Notice) for the modules.
- Select the checkbox(es) next to the modules for which you want to receive email notifications.
- Click Save.