Notifications Setup
Configure how and when you receive alerts about security events, threats, and system status.
Effective notification management ensures your security team stays informed of critical events without being overwhelmed.
Why Configure Notifications?
| Benefit | Description |
|---|---|
| Immediate Response | Instant alerts for critical threats |
| Reduced Noise | Filter by severity to focus on what matters |
| Scheduled Updates | Daily/weekly summaries for non-critical events |
Notification Channels
- 📧 Email
- 💼 Microsoft Teams
- 💬 Slack
- 🔗 Webhooks
Email Notifications
Receive alerts via email with customizable templates and frequency controls.
| Feature | Description |
|---|---|
| Format | HTML formatting support |
| Digest | Batch multiple events together |
| Scheduling | Immediate, hourly, or daily |
Best For: Critical alerts and scheduled summaries.
Microsoft Teams Integration
Send rich, actionable alerts to Teams channels with adaptive cards.
| Feature | Description |
|---|---|
| Adaptive Cards | Rich formatted messages |
| Inline Actions | Quick response buttons |
| Threads | Organized conversations |
Best For: SOC teams using Microsoft ecosystem.
Slack Integration
Post alerts to Slack channels with interactive message buttons.
| Feature | Description |
|---|---|
| Interactive | Action buttons in messages |
| Threads | Keep conversations organized |
| Rich Format | Color-coded severity |
Best For: Fast team communication.
Custom Webhooks
Integrate with any external system using HTTP webhooks.
| Feature | Description |
|---|---|
| Flexible | Custom payload format |
| Universal | Works with any HTTPS endpoint |
| SIEM Ready | Integrate with security tools |
Best For: SIEM integration and custom automation.
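A receiver for the custom webhook channel, written as an added example for this page (it is not the product's own code). It assumes two things the page does not specify: that the channel is configured with an extra header `X-Notify-Token` carrying a shared secret (the "optional headers" field), and that the JSON payload has the fields read below. It checks the secret in constant time before parsing anything, rejects bad bodies, and rewrites each event as a CEF line so a SIEM can ingest it without a custom parser; the vendor/product strings and the severity mapping are placeholders. The page says the endpoint must be HTTPS, so a TLS-terminating proxy in front of this plain-HTTP listener is assumed.

```python
"""Receiver for the custom webhook channel (added example, not the product's
own code). Assumptions: the channel sends an extra header X-Notify-Token with a
shared secret, and the JSON payload carries the fields read below."""
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed: the same value is entered under "optional headers" when the channel is created.
SHARED_TOKEN = "replace-with-a-long-random-secret"

# Map the page's four severities onto the CEF 0-10 scale (illustrative choice).
SEVERITY_TO_CEF = {"low": 3, "medium": 5, "high": 8, "critical": 10}

# Constructed sample payload for offline testing (not a capture from the product).
SAMPLE_EVENT = {
    "event_type": "Malware",
    "severity": "Critical",
    "title": "Malware Detection",
    "timestamp": "2024-05-01T12:00:00Z",
    "host": "ws-042",
    "user": "alice",
    "message": "EICAR test file quarantined: C:\\Temp\\eicar.com",
}
SAMPLE_BODY = json.dumps(SAMPLE_EVENT).encode()


def authenticate(headers, expected=SHARED_TOKEN):
    """Constant-time comparison of the shared-secret header; a missing header fails."""
    supplied = headers.get("X-Notify-Token", "")
    return hmac.compare_digest(supplied.encode(), expected.encode())


def cef_escape(value, header=False):
    """Escape per the CEF rules: '|' and '\\' in header fields, '=' and '\\' in extensions."""
    text = str(value).replace("\\", "\\\\")
    if header:
        return text.replace("|", "\\|")
    return text.replace("=", "\\=").replace("\r", "").replace("\n", "\\n")


def to_cef(event):
    """Render one event as a CEF line: CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|ext."""
    severity = SEVERITY_TO_CEF.get(str(event.get("severity", "low")).lower(), 0)
    head = "|".join(cef_escape(v, header=True) for v in (
        "CEF:0", "ExampleVendor", "SecurityMonitor", "1.0",  # placeholders, not the product's names
        event.get("event_type", "unknown"), event.get("title", "event"), severity))
    extension = {
        "rt": event.get("timestamp", ""),
        "shost": event.get("host", ""),
        "suser": event.get("user", ""),
        "msg": event.get("message", ""),
    }
    ext = " ".join(f"{k}={cef_escape(v)}" for k, v in extension.items() if v)
    return f"{head}|{ext}"


def handle_webhook(headers, body):
    """Return (HTTP status, CEF line or None). The secret is checked before the body is parsed."""
    if not authenticate(headers):
        return 401, None
    try:
        event = json.loads(body)
        if not isinstance(event, dict):
            raise ValueError("payload must be a JSON object")
    except ValueError:  # JSONDecodeError and UnicodeDecodeError are both ValueErrors
        return 400, None
    return 200, to_cef(event)


class WebhookHandler(BaseHTTPRequestHandler):
    """Plain-HTTP listener; a TLS-terminating reverse proxy in front is assumed."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        status, line = handle_webhook(self.headers, self.rfile.read(length))
        if line:
            print(line)  # stand-in for forwarding to the SIEM (syslog, file, or API)
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    print(handle_webhook({"X-Notify-Token": SHARED_TOKEN}, SAMPLE_BODY)[1])
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```

Checking the header before parsing means an unauthenticated sender cannot drive the JSON parser or the CEF encoder, and `hmac.compare_digest` avoids leaking the secret through timing. The `rt` field is passed through as the ISO timestamp the sample carries; adjust the mapping to whatever format your SIEM's CEF parser expects.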
Configuring Notifications
- 1️⃣ Navigate
- 2️⃣ Add Channel
- 3️⃣ Create Rule
- 4️⃣ Template
- 5️⃣ Test
Step 1: Navigate to Notification Settings
Go to Configuration → Notifications to access notification management.
You'll see:
- Existing notification rules
- Configured channels
- Delivery status
Step 2: Add Notification Channel
Click + Add Channel and select your preferred delivery method:
| Channel | Requirements |
|---|---|
| Email | SMTP config or use default |
| Microsoft Teams | Webhook URL |
| Slack | Webhook URL or OAuth app |
| Custom Webhook | Endpoint URL + optional headers |
Step 3: Create Notification Rule
Define when and how notifications should be sent:
| Component | Options |
|---|---|
| Event Type | Authentication, Malware, Network, Process, System |
| Severity | Critical, High, Medium, Low |
| Frequency | Immediate, Hourly digest, Daily summary |
| Recipients | Specific users, roles, or channels |
Step 4: Customize Message Template
Choose or customize the notification message template:
8 Default Templates:
- Critical Threat Detected
- Authentication Failure
- Malware Detection
- Correlation Alert
- Agent Health Issue
- Daily Security Summary
- Weekly Report
- Custom Event
Step 5: Test and Activate
Test notifications include sample event data to verify formatting.
- Click Send Test Notification
- Verify delivery to channel
- Check formatting
- Activate the rule
Notification Frequency
| Frequency | Best For | Typical Use Cases |
|---|---|---|
| Immediate | Critical threats | Malware, lateral movement, privilege escalation |
| Hourly Digest | Medium severity | Auth failures, config changes |
| Daily Summary | Low severity | System health, agent updates |
| Weekly Report | Executive summaries | Security posture, compliance status |
Best Practices
- 📍 Smart Routing
- 😴 Avoid Fatigue
- 🔍 Regular Review
Severity-Based Routing
| Severity | Channel | Frequency |
|---|---|---|
| Critical | Teams/Slack | Immediate |
| High | Teams/Slack + Email | Immediate |
| Medium | Email | Hourly digest |
| Low | Email | Daily summary |
Prevent Alert Fatigue
| Strategy | Implementation |
|---|---|
| Threshold tuning | Raise the minimum severity that triggers an immediate alert |
| Digest mode | Batch similar events |
| Quiet hours | Suppress low severity at night |
| Deduplication | Group related events |
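The rules from Step 3, the severity routing table and the fatigue strategies above, combined into one small router as an added example (this is not the product's rule engine). The event shape, the channel names, the ten-minute deduplication window, the 22:00-06:00 quiet window and the sample events are all assumptions made for the example. Rules are evaluated first-match-wins, so they are ordered from the highest severity floor down; immediate alerts are deduplicated within the window, digest events are grouped at flush time, and low-severity events arriving in quiet hours are suppressed.

```python
"""Rule matching plus fatigue controls (added example, not the product's rule
engine). Event shape, channel names, time windows and the sample events are
assumptions made for the example."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
DEDUP_WINDOW = timedelta(minutes=10)  # assumed: repeats of an immediate alert within 10 min are dropped
QUIET_HOURS = (22, 6)                 # assumed: 22:00-06:00, low severity is suppressed (still logged)

# Step 3 rules: event type filter (None = any), severity floor, frequency, recipients.
# First match wins, so order them from the highest severity floor down.
RULES = [
    {"name": "critical-chat", "event_types": None, "min_severity": "critical",
     "frequency": "immediate", "channels": ["teams"]},
    {"name": "high-chat-email", "event_types": None, "min_severity": "high",
     "frequency": "immediate", "channels": ["teams", "email"]},
    {"name": "auth-hourly", "event_types": {"Authentication"}, "min_severity": "low",
     "frequency": "hourly", "channels": ["email"]},
    {"name": "medium-hourly", "event_types": None, "min_severity": "medium",
     "frequency": "hourly", "channels": ["email"]},
    {"name": "low-daily", "event_types": None, "min_severity": "low",
     "frequency": "daily", "channels": ["email"]},
]


def in_quiet_hours(ts, window=QUIET_HOURS):
    """True when the event time falls in the quiet window (handles a window that wraps midnight)."""
    start, end = window
    if start <= end:
        return start <= ts.hour < end
    return ts.hour >= start or ts.hour < end


class Router:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.last_sent = {}               # dedup key -> time of the last immediate delivery
        self.digests = defaultdict(list)  # (frequency, channel) -> buffered events

    def match_rule(self, event):
        rank = SEVERITY_RANK[event["severity"].lower()]
        for rule in self.rules:
            if rule["event_types"] and event["event_type"] not in rule["event_types"]:
                continue
            if rank >= SEVERITY_RANK[rule["min_severity"]]:
                return rule
        return None

    def route(self, event):
        """Decide one event: deliver now, buffer for a digest, or suppress (and say why)."""
        rule = self.match_rule(event)
        if rule is None:
            return {"action": "unmatched", "rule": None, "channels": []}
        if event["severity"].lower() == "low" and in_quiet_hours(event["time"]):
            return {"action": "quiet", "rule": rule["name"], "channels": []}
        if rule["frequency"] == "immediate":
            key = (event["event_type"], event["title"], event["host"])
            last = self.last_sent.get(key)
            if last is not None and event["time"] - last < DEDUP_WINDOW:
                return {"action": "duplicate", "rule": rule["name"], "channels": []}
            self.last_sent[key] = event["time"]
            return {"action": "deliver", "rule": rule["name"], "channels": rule["channels"]}
        for channel in rule["channels"]:
            self.digests[(rule["frequency"], channel)].append(event)
        return {"action": "digest", "rule": rule["name"], "channels": rule["channels"]}

    def flush(self, frequency):
        """Drain one digest cadence, grouping related events so the summary lists counts, not repeats."""
        out = {}
        for (freq, channel), events in list(self.digests.items()):
            if freq != frequency:
                continue
            groups = defaultdict(lambda: {"count": 0, "hosts": set()})
            for ev in events:
                g = groups[(ev["event_type"], ev["title"])]
                g["count"] += 1
                g["hosts"].add(ev["host"])
            out[channel] = [{"event_type": t, "title": n, "count": g["count"], "hosts": sorted(g["hosts"])}
                            for (t, n), g in groups.items()]
            del self.digests[(freq, channel)]
        return out


def _ev(hh, mm, severity, event_type, title, host):
    return {"time": datetime(2024, 5, 1, hh, mm, tzinfo=timezone.utc), "severity": severity,
            "event_type": event_type, "title": title, "host": host}


# Constructed sample events (not captured from the product).
SAMPLE_EVENTS = [
    _ev(12, 0, "Critical", "Malware", "Malware Detection", "ws-042"),
    _ev(12, 3, "Critical", "Malware", "Malware Detection", "ws-042"),  # repeat inside the window
    _ev(12, 5, "High", "Process", "Privilege Escalation", "ws-007"),
    _ev(12, 10, "Medium", "Authentication", "Authentication Failure", "dc-01"),
    _ev(12, 11, "Medium", "Authentication", "Authentication Failure", "dc-01"),
    _ev(12, 20, "Low", "System", "Agent Health Issue", "ws-099"),
    _ev(23, 30, "Low", "System", "Agent Health Issue", "ws-100"),      # inside quiet hours
]


def run_sample():
    router = Router()
    decisions = [router.route(ev) for ev in SAMPLE_EVENTS]
    return {"decisions": decisions, "hourly": router.flush("hourly"), "daily": router.flush("daily")}


if __name__ == "__main__":
    for ev, d in zip(SAMPLE_EVENTS, run_sample()["decisions"]):
        print(f'{ev["time"]:%H:%M} {ev["severity"]:<8} {ev["title"]:<24} -> {d["action"]} {d["channels"]}')
```

Note that deduplication is applied only to immediate deliveries: a digest never needs it, because grouping at flush time already collapses repeats into one line with a count and a host list. The quiet-hours check suppresses delivery only; the events remain in the product's own log, which is what makes that strategy safe for low severity but not for anything higher.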
Audit Notification Rules
| Frequency | Action |
|---|---|
| Monthly | Review delivery statistics |
| Quarterly | Audit all rules |
| After incidents | Update based on learnings |
📝 Notification Setup Checklist
- Identify critical event types
- Configure at least 2 channels (primary + backup)
- Set appropriate severity thresholds
- Create rules for each severity level
- Test all notification paths
- Document escalation procedures
- Review rules quarterly
What's Next?
| Guide | Description |
|---|---|
| Microsoft Teams Integration | Configure Teams with adaptive cards |
| Slack Integration | Set up Slack notifications |
| Custom Webhooks | Integrate with external systems |
| Email Alerts | Configure email notifications |