Create and Edit Event Notifications

Purpose

This document describes how to create and edit Event Notifications.

Introduction

The Event Notifications window allows for actions to be performed upon certain events. The actions available are SNMP, syslog, creating a task, or sending an email. Default Event Notifications Settings are Discovery Scan Done, Scan Schedule Done, and New Release Notes

Option	Description
Discovery Scan Done	When a discovery scan is completed a notification will be sent out by email to the specified recipient (by default this will be the main user).
Scan Schedule Done	When a scan schedule is completed a notification will be sent out by email to the specified recipient (by default this will be the main user).
New Release Notes	When there are any release notes distributed, a notification will be sent out by email to the specified recipient, (by default this will be the main user).

To deactivate any of the default event notifications, right click on selected event and select Disable.

Getting Started

There are two ways of launching your applications.

From OUTSCAN
From a HIAB

OUTSCAN

To launch the OUTSCAN application, navigate to https://outscan.outpost24.com.

Note

Use HTTPS protocol.

Log in using your credentials.

HIAB

To connect to a HIAB, use the assigned network address.

Note

Use HTTPS protocol.

Log in using your credentials.

To access the Event Notification module, go to Main Menu > Settings > Even Notifications.

Creating and Editing Event Notifications

Create New Event

To create a new event notification, click the + New button in the top left corner of the window.

The Maintaining Event Notification window is displayed.

When creating a new Event Notification, provide an event name in the Name field.

Elements

There are five elements in this window, When, What, How, Customize, and Comments.

Note

What and How sections vary with the Event selected in the When section.

When

Event: Select the event in the drop-down menu for which you want to be notified .

Note

Depending on the choice in the When section, you are presented with various fields in the What and How sections .

Option	Description
Scan Schedule Done	Sends a notification when a scan schedule has finished.
Discovery Scan Done	Sends a notification when a discovery scan has finished.
Discovery: Alive Target Found	Sends a notification when alive targets is discovered in a discovery scan.
Discovery: Alive Target Added	Sends a notification when alive targets are added from a discovery scan.
Discovery: Inactive Target Found (Each Scan)	Sends a notification when inactive targets are found. Only for Discovery scans.
Discovery: Inactive Target Found (Consecutive Scans)	Sends a notification when a target has been reported inactive for the number of consecutive discovery scans. The amount can be set in Manage Targets by accessing Settings the cogwheel in the upper right corner.
Target: Added	Send a notification when a new target is added.
Target: Removed	Sends a notification when a target is removed.
Target: Compliant	Sends a notification for each target that is compliant (if this is a compliance scan).
Target: Not Compliant	Sends a notification for each target that is not compliant (if this is a compliance scan).
Target: Report Finding Ready	Triggered when a scan has completed and a report has been created
Target: Large Report Found	Sends a notification when the report is too large.
Target: Host not reachable	Sends a notification when a host is not reachable during scanning.
Target: Authentication Failed	Sends a notification when the authentication fails for a target during a scan.
Target: Scan Scheduled	Sends a notification X day before the scan is scheduled for the targets. X can be set within the Send Before (Days) section.
Target: Scan Started	Sends a notification when the scan has started for the targets.
Target: Scan Timeout	Sends a notification when the scan timeouts for the targets.
Target: Scan Stopped	Sends a notification when the scan stops for the targets.
Target: Scan Failed	Sends a notification when the scan fails for the targets.
Target: Scan Results Updated	Sends a notification when the scan results are updated for the targets after an SLS-scan.
Scan: Could not start SLS	Sends a notification when scanning less scan could not start for the targets.
Scan: Schedule Scheduled	Sends a notification x days before the scan is scheduled to start. X can be set within the Send Before (Days) section.
Scan: Schedule Started	Sends a notification when the scan schedule has started.
Finding: High Risk Found	Sends a notification when a high risk has been detected.
Finding: Medium Risk Found	Sends a notification when a medium risk has been detected.
Finding: Low Risk Found	Sends a notification when a low risk has been found.
Finding: Information Found	Sends a notification when an informational finding has been reported.
Finding: Exploit Available	Sends a notification when a finding with an exploit available has been reported.
Finding: Ports Opened	Sends a notification when ports have been reported as opened.
Finding: Ports Closed	Sends a notification when ports have been reported as closed.
Finding: Comment Added	Sends a notification when a comment has been added for a finding. This is done by right clicking the finding within Reporting tools and select Add Comment.
Finding: Risk Accepted	Sends a notification when a risk has been accepted.
Finding: Risk Acceptance Expired	Sends a notification when the acceptance for a risk has expired
Finding: Risk Acceptance Expiring	Sends a notification when the acceptance for a risk soon will expire.
Finding: Risk Acceptance Expired	Sends a notification when the acceptance for a risk expires.
Finding: Discussion Updated	OUTSCAN only. Sends a notification when the discussion for a SWAT finding has been updated.
Finding: Verify Done	OUTSCAN Only. Sends a notification when a verification has been performed in the SWAT report.
Finding: PCI failed	Sends a notification when a PCI report fails. This relates to the PCI preview policy, and the PCI module in OUTSCAN.
User: Logged In	Sends a notification when a user logs in.
New Release Notes	Sends a notification when there are new release notes available.
HIAB: Scanner Missing	Sends a notification when the current HIAB loses connection to any distributed HIAB.
HIAB: Update Done	Sends a notification when an update has finished successfully.
HIAB: Update Failed	Sends a notification when an update failed.
HIAB: Backup Done	Sends a notification when a backup has been performed.
HIAB: Backup Failed	Sends a notification when a backup has failed.
HIAB: Disk Usage High	Sends a notification when the Disk usage is too high.
HIAB: Server Rebooted	Sends a notification when the HIAB has restarted.
HIAB: Remote Support Notification	Sends a notification when remote support is enabled or disabled.
HIAB: Maintenance Plan Completed	Sends a notification when the maintenance plan has finished.

What

Option	Description
Scan Type	Select for which scan type you want to be notified.
Scope	Select the scope of the event. For events concerning schedule jobs and discovery jobs, you can set a Scope which determine if only your own jobs should be causing events or if any job that handles the targets shall be used (My Scans or All Scans).
Target Information	Select Include if you want to add the target information in the notification, else select Exclude.
Status Format	Set status format: No additional information. Risk level summary information. Risk level delta information.
Send Scan Report by Email	Enable this feature if you want to send the scan report by email to a specified recipient. Report Template Filter: You can filter by selecting any of the saved report templates from the drop-down menu. File PGP Public Key: You can import a PGP key file by clicking the plus button to the right of the drop-down. Once you have imported a new key file, it will be added in the drop-down, available for you to use. Include report in PDF Format: Enable if you wish to send the report in PDF format. Include report in XLS Format: Enable if you wish to send the report in XLS format. Include report in XML Format: Enable if you wish to send the report in XML format. Password: Set a password to open the report.

How

Option	Description
Action	Select how do you want to send notification from the provided options. This could be adding an email recipient to be notified, creating a task on new findings, a SNMP trap, Splunk or sending a Syslog message. SNMP (HIAB only): Send the notification to the configured SNMP server, these settings are available under: Main Menu > Settings > Integrations > SNMP tab. Syslog (HIAB only): Send the notification to the configured Syslog server, these settings are available under: Main Menu > Settings > Integrations > Syslog tab. Splunk (HIAB only): Send the notification to the configured Splunk server, these settings are available under: Main Menu > Settings > Integrations > Splunk Tab. Email: Send the notification by email to an already created user, or a custom email. Multiple emails can be entered, with a comma separator. SMS (OUTSCAN only): Send the notification by text message to an already created user Task: Create a task within the built-in ticketing system, and assign to an already created user JIRA: Create an issue within JIRA. These settings can be configured under: Main Menu > Settings > Integrations > JIRA tab.
Recipient	Provide a name to whom you want to send the notification. Custom is only available if you have super user privileges.
Email	If you want to send notification via email, please supply the email address in this field.
Email PGP Public Key	If desired, add a PGP Public Key to be used when emailing the notification.
Send Test Email	This allows you to send a test email to your account.
Send SMS Test	Sending a test SMS to a mobile phone is allowed for events like "High risk found". If an event like that is selected, the SMS option is available in Action. Select sms and the Test SMS button becomes visible.
Test SNMP	Sends a SNMP trap to the defined SNMP server.
Test Syslog	Sends a Syslog message to the defined Syslog server.

You can also filter out events by selecting a set of targets or target groups.

When setting up an event for "High risk found", it sends out an event for all high-risk findings found on any target.

Selecting a target group for the event, the high-risk event is only sent to targets in that group limiting the events to specific targets.

Option	Description
Target Groups	Choose what target group the event notification will be assigned to.
Target List	Choose what IP range the event notification will be assigned to. You do not have to specify IP addresses that have been selected in the target groups tab.
SWAT Applications	Limit the event to specific SWAT applications.

Customize

Option	Description
Subject	Custom subject for email.
Add text	The added custom text will be included in the email that is sent out.

Comments

Add any additional comments in this field.

Edit Existing Event

To edit an existing event notifications, right click on the selected event notification and choose Edit.

The Maintaining Event Notification window is displayed.

Then proceed in the same way as Create New Event

Reference

Event Notification Module

_Copyright

_{© 2024 Outpost24® All rights reserved.}_{This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.}

_Trademark

_{Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.}