Notifications Setup
Configure how and when you receive alerts about security events, threats, and system status.
Why Configure Notifications?
Effective notification management ensures your security team stays informed of critical events without being overwhelmed by alerts.
| Benefit | Description |
|---|---|
| Immediate Response | Get instant alerts for critical threats that require immediate action |
| Reduced Noise | Filter notifications by severity to focus on what matters most |
| Scheduled Updates | Receive daily or weekly summaries for non-critical events |
Notification Channels
CastellanAI supports multiple delivery channels for notifications:
Email Notifications
Receive alerts via email with customizable templates and frequency controls.
- Recommended for critical alerts
- Supports HTML formatting
- Batch digest available
Microsoft Teams Integration
Send rich, actionable alerts to Teams channels with adaptive cards and quick actions.
- Ideal for SOC teams
- Inline actions
- Rich formatting
Slack Integration
Post alerts to Slack channels with interactive message buttons and thread support.
- Fast communication
- Interactive buttons
- Thread replies
Custom Webhooks
Integrate with any external system using HTTP webhooks with customizable payloads.
- Maximum flexibility
- Custom payload format
- SIEM integration
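The receiving side of a custom webhook, as an added example rather than CastellanAI's own code. It assumes the channel was configured (Step 2's optional headers) to send `Authorization: Bearer <shared token>`, and that the customized payload is JSON with the field names `id`, `event_type`, `severity`, `host` and `message`; both are assumptions, as is the listening port. The token is compared in constant time and checked before the body is parsed, the body size is capped, and the alert is flattened into a SIEM-friendly event with a numeric severity level.

```python
"""Receiver for CastellanAI custom webhook notifications (added example).

This is not CastellanAI's code. It assumes the channel was configured with
the optional header "Authorization: Bearer <shared token>" and a JSON
payload using the field names in normalize(); both are assumptions.
"""
import hmac
import json
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

# Token you put in the channel's optional header. Read it from the environment
# in real deployments; the fallback value exists only so the demo runs offline.
SHARED_TOKEN = os.environ.get("CASTELLAN_WEBHOOK_TOKEN", "demo-token-change-me")
MAX_BODY_BYTES = 64 * 1024

# Numeric level for the SIEM; the string severities are the ones listed in Step 3.
SEVERITY_LEVEL = {"critical": 10, "high": 7, "medium": 5, "low": 3}

# Constructed sample request under the assumed payload shape.
SAMPLE_HEADERS = {"Authorization": "Bearer demo-token-change-me",
                  "Content-Type": "application/json"}
SAMPLE_BODY = json.dumps({"id": "alert-42", "event_type": "Malware",
                          "severity": "Critical", "host": "ws-017",
                          "message": "Known malware hash observed"}).encode()


def token_ok(headers, expected):
    """Constant-time comparison of the bearer token against the shared secret."""
    auth = headers.get("authorization", "")
    if not auth.startswith("Bearer "):
        return False
    presented = auth[len("Bearer "):].strip().encode()
    return hmac.compare_digest(presented, expected.encode())


def normalize(payload):
    """Flatten an alert (assumed field names) into a SIEM-friendly event."""
    sev = str(payload.get("severity", "low")).lower()
    return {
        "vendor": "CastellanAI",
        "event_type": payload.get("event_type", "unknown"),
        "severity": sev,
        "severity_level": SEVERITY_LEVEL.get(sev, 0),
        "host": payload.get("host"),
        "message": payload.get("message", ""),
        "alert_id": payload.get("id"),
    }


def handle(headers, body, sink, expected_token=None):
    """Validate one POST; on success append the normalized event to `sink`.

    Returns (status code, reason). The token is checked before the body is
    parsed so an unauthenticated caller never reaches the JSON parser.
    """
    expected = expected_token if expected_token is not None else SHARED_TOKEN
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if not token_ok(lower, expected):
        return 401, "bad token"
    if len(body) > MAX_BODY_BYTES:
        return 413, "payload too large"
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, "invalid json"
    if not isinstance(payload, dict):
        return 400, "expected a json object"
    sink.append(normalize(payload))
    return 200, "ok"


EVENTS = []  # stand-in for whatever forwards events to your SIEM


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(min(length, MAX_BODY_BYTES + 1))
        status, reason = handle(self.headers, body, EVENTS)
        self.send_response(status)
        self.end_headers()
        self.wfile.write(reason.encode())


if __name__ == "__main__":
    # Terminate TLS in front of this (reverse proxy); the endpoint URL you
    # give CastellanAI should be https. Plain HTTP here is for local testing.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Point the channel's endpoint URL at the proxy that fronts this process and set the same token on both sides; a request with a wrong or missing token is refused with 401 before any of the body is inspected.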
Configuring Notifications
Step 1: Navigate to Notification Settings
Go to Configuration → Notifications to access notification management. You'll see existing notification rules and channels configured for your organization.
Step 2: Add Notification Channel
Click + Add Channel and select your preferred delivery method.
Available channels:
- Email (uses the default mail settings unless you supply your own SMTP configuration)
- Microsoft Teams (requires an incoming webhook URL)
- Slack (requires an incoming webhook URL or an OAuth app)
- Custom Webhook (requires an endpoint URL and optional headers)
Treat Teams and Slack incoming webhook URLs as credentials: anyone who holds the URL can post into the channel, so store them as secrets and rotate them if they leak. For a custom webhook, use an HTTPS endpoint and put a shared secret in one of the optional headers so the receiving system can reject requests that did not come from CastellanAI.
Step 3: Create Notification Rule
Define when and how notifications should be sent by configuring rule conditions.
Rule components:
- Event Type: Authentication, Malware, Network, Process, System
- Severity: Critical, High, Medium, Low
- Frequency: Immediate, Hourly digest, Daily summary
- Recipients: Specific users, roles, or channels
Step 4: Customize Message Template
Choose or customize the notification message template to include relevant event details.
Eight default templates are available:
- Critical Threat Detected
- Authentication Failure
- Malware Detection
- Correlation Alert
- Agent Health Issue
- Daily Security Summary
- Weekly Report
- Custom Event
Step 5: Test and Activate
Send a test notification to verify delivery, then activate the rule.
Test notifications include sample event data to verify formatting.
Notification Frequency
Control notification frequency to balance responsiveness with alert fatigue:
| Frequency | Best For | Typical Use Cases |
|---|---|---|
| Immediate | Critical threats | Malware detection, lateral movement, privilege escalation |
| Hourly Digest | Medium severity events | Authentication failures, configuration changes |
| Daily Summary | Low severity monitoring | System health, agent updates, routine events |
| Weekly Report | Executive summaries | Security posture trends, compliance status |
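How the rule components from Step 3 and the frequencies in the table above combine, as an added example that is not CastellanAI's code: each rule names the event types it covers, a minimum severity, a frequency and its channels. Events that match an Immediate rule are dispatched at once; events matching a digest rule are bucketed by the window the frequency implies (hour, day, or week starting Monday) and rendered as one message when the window closes. The rule and event field names and the sample events are constructed for this example.

```python
"""Severity-based routing with digest batching (added example).

Not CastellanAI's code. The rule/event field names, the severity order and
the sample data are assumptions modelled on the rule components in Step 3.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}

# Constructed rules: event types, minimum severity, frequency, channels.
RULES = [
    {"name": "critical-to-soc", "event_types": {"Malware", "Network", "Process"},
     "min_severity": "Critical", "frequency": "Immediate", "channels": ["teams:#soc"]},
    {"name": "auth-hourly", "event_types": {"Authentication"},
     "min_severity": "Medium", "frequency": "Hourly digest",
     "channels": ["email:soc@example.com"]},
    {"name": "ops-daily", "event_types": {"System"},
     "min_severity": "Low", "frequency": "Daily summary",
     "channels": ["email:ops@example.com"]},
]

# Constructed sample events.
EVENTS = [
    {"id": 1, "type": "Malware", "severity": "Critical", "ts": "2024-05-06T10:17:00"},
    {"id": 2, "type": "Authentication", "severity": "Medium", "ts": "2024-05-06T10:20:00"},
    {"id": 3, "type": "Authentication", "severity": "Medium", "ts": "2024-05-06T11:05:00"},
    {"id": 4, "type": "Authentication", "severity": "Low", "ts": "2024-05-06T11:06:00"},
    {"id": 5, "type": "System", "severity": "Low", "ts": "2024-05-06T23:59:00"},
    {"id": 6, "type": "Network", "severity": "Critical", "ts": "2024-05-07T00:01:00"},
]


def matches(rule, event):
    """A rule fires when the type is covered and severity meets the minimum."""
    return (event["type"] in rule["event_types"]
            and SEVERITY_RANK[event["severity"]] >= SEVERITY_RANK[rule["min_severity"]])


def window_start(frequency, ts):
    """Floor a timestamp to the digest window implied by the rule's frequency."""
    if frequency == "Hourly digest":
        return ts.replace(minute=0, second=0, microsecond=0)
    if frequency == "Daily summary":
        return ts.replace(hour=0, minute=0, second=0, microsecond=0)
    if frequency == "Weekly report":
        day = ts.replace(hour=0, minute=0, second=0, microsecond=0)
        return day - timedelta(days=day.weekday())  # Monday 00:00
    raise ValueError(f"unknown frequency: {frequency}")


def route(events, rules):
    """Return (immediate, digests).

    immediate: list of (channel, event) pairs to send now.
    digests:   {(rule name, channel, window start): [events]} to flush when
               the window closes. An event may match several rules; each
               rule decides its own delivery independently.
    """
    immediate = []
    digests = defaultdict(list)
    for event in events:
        ts = datetime.fromisoformat(event["ts"])
        for rule in rules:
            if not matches(rule, event):
                continue
            for channel in rule["channels"]:
                if rule["frequency"] == "Immediate":
                    immediate.append((channel, event))
                else:
                    key = (rule["name"], channel, window_start(rule["frequency"], ts))
                    digests[key].append(event)
    return immediate, dict(digests)


def render_digest(key, events):
    """One digest message per (rule, channel, window)."""
    rule, channel, start = key
    lines = [f"[{rule}] {len(events)} event(s) since {start.isoformat()} -> {channel}"]
    lines += [f"  #{e['id']} {e['severity']} {e['type']} at {e['ts']}" for e in events]
    return "\n".join(lines)


if __name__ == "__main__":
    now, later = route(EVENTS, RULES)
    for channel, e in now:
        print(f"IMMEDIATE -> {channel}: #{e['id']} {e['severity']} {e['type']}")
    for key, evs in sorted(later.items(), key=lambda kv: kv[0][2]):
        print(render_digest(key, evs))
```

With the sample data, the two Critical events go straight to the Teams channel, the two Medium authentication failures land in separate hourly digests (10:00 and 11:00), the Low authentication failure is dropped because it is below the rule's minimum, and the System event waits for the daily summary.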
Best Practices
- Use Severity-Based Routing - Send critical alerts to immediate channels (Teams, Slack) and lower severity events to daily digests.
- Avoid Alert Fatigue - Raise the minimum severity and use digest frequencies for high-volume event types such as authentication failures, so that immediate channels carry only events that need action now.
- Regularly Review Rules - Audit notification rules quarterly to ensure they still match your security operations workflow.
- Test Before Activating - Always send test notifications to verify delivery and formatting before enabling production rules.
What's Next?
- Microsoft Teams Integration - Learn how to configure Teams integration with adaptive cards and inline actions
- Custom Webhooks - Integrate with external systems using custom webhook endpoints and payloads