Notification Rules

Available for:

Cloud SIEM | Cloud Security Management | Application Security Management

Overview

Notification rules are predefined sets of conditions that automate the process of informing your team about security issues. By using notification rules, you no longer need to manually set up notifications for each individual detection rule. Notification rules can be configured to cover a wide range of scenarios by specifying parameters such as severities, rule types, rule tags, signal attributes, and signal tags.

Notification Rules overview page

Create notification rules

To create a notification rule, specify the conditions under which the rule should be triggered. These conditions may include criteria such as severity, detection rule type, tags, and attributes. When an issue matches the defined criteria, the rule automatically sends notifications to the designated recipients.

As you configure the rule, a preview of issues matching the notification rule conditions appears on the Preview of Matching Results panel. This preview helps you determine if your notification rule is too specific or too broad, allowing you to adjust the criteria accordingly for optimal coverage.
  1. On the Notification Rules page, click New Notification Rule.
  2. Enter a Name for the notification rule.
  3. Select the source type for the notification rule:
    • Vulnerability: A potential security flaw in your infrastructure.
    • Signal: Suspicious activity that poses an active threat against your infrastructure.
  4. Select one or more severity levels.
  5. Specify the tags and attributes that must be present in order for the notification rule to be triggered.
  6. Click Add Recipient.
  7. Specify the recipients you want to notify when the notification rule is triggered. You can notify individuals or teams, create Jira issues, and more. See Notification channels for more information.
  8. Click Save.
Setup page for creating a notification rule
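The steps above describe rule conditions (source type, severities, tags, attributes) and a preview of the issues those conditions would currently match. The following Python model, added here as an illustration and not Datadog's own code or API, shows how such matching works: a rule selects issues whose source type and severity are in the allowed sets and whose tags and attributes contain every required value, the "preview" is the subset of existing issues the rule matches, and routing fans matched issues out to the rule's recipients. All issue data, tag names, attribute keys and recipient handles below are constructed sample values.

```python
"""Illustrative model of notification-rule matching (added example; not Datadog code)."""
from dataclasses import dataclass, field, replace


@dataclass(frozen=True)
class Issue:
    """A security signal or vulnerability. Field values are constructed samples."""
    source_type: str            # "signal" or "vulnerability"
    severity: str               # "critical", "high", "medium", "low" or "info"
    tags: frozenset             # e.g. {"env:prod", "team:payments"}
    attributes: dict            # e.g. {"source": "okta"} (constructed key/values)
    title: str = ""


@dataclass
class NotificationRule:
    """Conditions that select issues, plus the recipients to notify on a match."""
    name: str
    source_type: str
    severities: frozenset
    required_tags: frozenset = frozenset()
    required_attributes: dict = field(default_factory=dict)
    recipients: tuple = ()
    enabled: bool = True

    def matches(self, issue: Issue) -> bool:
        """True when every condition holds; tags/attributes are AND-ed together."""
        if issue.source_type != self.source_type:
            return False
        if issue.severity not in self.severities:
            return False
        if not self.required_tags <= issue.tags:          # all required tags present
            return False
        return all(issue.attributes.get(k) == v            # all required attributes equal
                   for k, v in self.required_attributes.items())

    def preview(self, issues):
        """The 'Preview of Matching Results': current issues this rule would match."""
        return [i for i in issues if self.matches(i)]


def route(issues, rules):
    """Map each recipient to the sorted titles of issues that an enabled rule sent them."""
    out = {}
    for rule in rules:
        if not rule.enabled:                               # disabled rules never notify
            continue
        for issue in rule.preview(issues):
            for recipient in rule.recipients:
                out.setdefault(recipient, []).append(issue.title)
    return {r: sorted(titles) for r, titles in out.items()}


# Constructed sample issues (not real detections).
SAMPLE_ISSUES = [
    Issue("signal", "critical", frozenset({"env:prod", "team:payments"}),
          {"source": "aws.cloudtrail"}, "Root login without MFA"),
    Issue("signal", "high", frozenset({"env:prod", "team:platform"}),
          {"source": "okta"}, "Impossible travel"),
    Issue("signal", "medium", frozenset({"env:prod"}),
          {"source": "okta"}, "Password spray"),
    Issue("signal", "critical", frozenset({"env:staging"}),
          {"source": "aws.cloudtrail"}, "S3 bucket made public"),
    Issue("vulnerability", "critical", frozenset({"env:prod", "team:payments"}),
          {"language": "java"}, "Critical CVE in dependency"),
]

# A well-scoped rule: critical/high signals in production go to the on-call handle.
PROD_SIGNALS = NotificationRule("prod-critical-signals", "signal",
                                frozenset({"critical", "high"}),
                                required_tags=frozenset({"env:prod"}),
                                recipients=("@security-oncall",))
# Too broad: every signal of any severity would page someone.
TOO_BROAD = NotificationRule("all-signals", "signal",
                             frozenset({"critical", "high", "medium", "low", "info"}),
                             recipients=("@security-oncall",))
# Too specific: requires an attribute value no current issue carries, so it matches nothing.
TOO_SPECIFIC = NotificationRule("gcp-only", "signal", frozenset({"critical"}),
                                required_tags=frozenset({"env:prod"}),
                                required_attributes={"source": "gcp.audit"},
                                recipients=("@security-oncall",))
PAYMENTS_VULNS = NotificationRule("payments-critical-vulns", "vulnerability",
                                  frozenset({"critical"}),
                                  required_tags=frozenset({"team:payments"}),
                                  recipients=("@payments-team",))


if __name__ == "__main__":
    for rule in (PROD_SIGNALS, TOO_BROAD, TOO_SPECIFIC):
        print(f"{rule.name}: {len(rule.preview(SAMPLE_ISSUES))} matching issues")
    print(route(SAMPLE_ISSUES, [PROD_SIGNALS, PAYMENTS_VULNS]))
```

Comparing the three preview counts is the same judgement the Preview of Matching Results panel supports: the first rule catches the two production signals worth paging on, the second would notify on every signal including informational ones, and the third matches nothing because it demands an attribute value that none of the issues carry.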

Manage notification rules

Enable or disable a notification rule

To enable or disable a notification rule, toggle the switch on the notification rule card.

Edit a notification rule

To edit a notification rule, click the notification rule card. After you finish making your changes, click Save.

Clone a notification rule

To clone a notification rule, click the vertical three-dot menu on the notification rule card and select Clone.

Delete a notification rule

To delete a notification rule, click the vertical three-dot menu on the notification rule card and select Delete.

Further Reading

Additional helpful documentation, links, and articles:
