Last Updated: 2025-06-27
Purpose
This article contains use case examples on how to configure the Event Notification function in Outscan.
Introduction
The Event Notification - Use Cases illustrates real-world scenarios where alerts can be triggered—such as when new vulnerabilities are detected, scans fail, or existing findings are fixed—and shows how templated notifications can deliver context and urgency around these events. By applying these use cases, you make your notification setup more relevant and actionable, ensuring your team is alerted to only the events that matter most in your security operations.
Built in
High/Medium/Low/Information-risk Findings
Trigger: Finding created
View template: Create view template filtering by the columns CVSS v3 severity and/or CVSS v2 severity with the severity you want to be notified about:
Subject:
{{ finding.cvssV3Severity }} risk found - {{ finding.assetName }}
Content:
<div style="margin-bottom: 20px">
Dear user on behalf of Outpost24,
</div>
<div>
The following {{ finding.cvssV3Severity }} risk vulnerabilities were found for {{ finding.assetName|e }} as part of the ongoing {{ finding.source|join(', ') }} service:
</div>
<div style="margin-top: 10px">
<a href="https://outscan.outpost24.com/portal/en/#/findings/{{ finding.id }}/details"><b>{{ finding.name|e }}</b></a>
</div>
<div style="margin-top: 20px">
<div>Best Regards,</div>
<div>Outpost24</div>
</div>
Scan failed
Trigger: Scan done
View template: Create a view template that filters by the status you want to get a notification for
Subject:
Scan done with status {{ scan.status }}
Content:
<div style="margin-bottom: 20px">
Dear user on behalf of Outpost24,
</div>
<div>
The scan of <a href="https://outscan.outpost24.com/portal/en/#/scans/{{ scan.id }}">{{ scan.assetIdentifierName|e }}</a> has done with the status {{ scan.status }}:
</div>
<div>
<div style="margin-top: 10px"><strong>Configuration name: </strong>{{ configuration.name|e }}</div>
<div style="margin-top: 10px"><strong>Asset name: </strong>{{ scan.assetIdentifierName|e }}</div>
<div style="margin-top: 10px"><strong>Source: </strong>{{ scan.source }}</div>
</div>
<div style="margin-top: 20px">
<div>Best Regards,</div>
<div>Outpost24</div>
</div>
Finding: Exploit Available
Trigger: Finding created
View template: Exploits available: Yes
Subject:
Exploitable vulnerability - {{finding.assetName}}
Content:
<div style="margin-bottom: 20px">
Dear user on behalf of Outpost24,
</div>
<div>
The following {{ finding.cvssV3Severity }} risk vulnerabilities were found for {{ finding.assetName|e }} with public exploits:
</div>
<div style="margin-top: 10px">
<a href="<<BASE_URL>>/portal/en/#/findings/{{ finding.id }}/details"><b>{{ finding.name|e }}</b></a>
</div>
<div style="margin-top: 20px">
<div>Best Regards,</div>
<div>Outpost24</div>
</div>
Fixed Finding
Trigger: Finding modified
View template: status: FIXED
Subject:
A finding has been fixed: {{ finding.name }}
Content:
<div style="margin-bottom: 20px">
Dear user on behalf of Outpost24,
</div>
<div>
The following {{ finding.cvssV3Severity }} risk vulnerabilities has been fixed:
</div>
<div style="margin-top: 10px">
<a href="https://outscan.outpost24.com/portal/en/#/findings/{{ finding.id }}/details"><b>{{ finding.name|e }}</b></a>
</div>
<div style="margin-top: 20px">
<div>Best Regards,</div>
<div>Outpost24</div>
</div>
External
Microsoft Teams
High/Medium/Low/Information-risk Findings
Prerequisites:
Have set up a Microsoft teams workflow and integrated the webhook in Portal. See Webhook Integration with Microsoft Teams for the guide how to do so.
Trigger: Finding Created
Integration: The created integration from the Webhook Integration with Microsoft Teams guide.
This JSON content can also be used as a template, paste it in https://adaptivecards.io/designer/
A preview of what the notification card looks like is displayed while making changes to the card.
{
"type": "AdaptiveCard",
"body": [
{
"type": "TextBlock",
"size": "medium",
"weight": "bolder",
"text": "New {{ finding.cvssSeverity | default('Not Set') }} Risk Vulnerability Detected by Outpost24"
},
{
"type": "ColumnSet",
"columns": [
{
"type": "Column",
"items": [
{
"type": "Image",
"style": "Person",
"url": "https://outpost24.com/wp-content/uploads/2023/05/cropped-O24_favicon_512.png",
"size": "Small"
}
],
"width": "auto"
},
{
"type": "Column",
"items": [
{
"type": "TextBlock",
"weight": "Bolder",
"text": "{{ finding.name | default('Not Set') }}",
"wrap": true
},
{
"type": "TextBlock",
"spacing": "None",
"text": "Created {{ finding.firstSeen | default('Not Set') }}",
"isSubtle": true,
"wrap": true
}
],
"width": "stretch"
}
]
},
{
"type": "TextBlock",
"text": "{{ finding.description | default('Not Set') }}",
"wrap": true
},
{
"type": "FactSet",
"facts": [
{
"title": "Asset:",
"value": "{{ asset.name | default('Not Set') }}"
},
{
"title": "CVE:",
"value": "{{ finding.cve | default('No CVE') }}"
},
{
"title": "Likelihood:",
"value": "{{ finding.exploitProbability | default('Not Set') }}"
},
{
"title": "CVSS Score:",
"value": "{{ finding.cvssScore | default('Not Set') }}"
}
]
},
{
"type": "TextBlock",
"text": "Solution",
"weight": "Bolder",
"wrap": true
},
{
"type": "TextBlock",
"text": "{{ finding.solutionTitle | default('Not Set') }} }}",
"wrap": true
}
],
"actions": [
{
"type": "Action.OpenUrl",
"title": "View in Portal",
"url": "https://outscan.outpost24.com/portal/en/#/findings/{{ finding.id }}"
}
],
"$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
"version": "1.3"
}
Related Articles
- Reports
- Log In Using LDAP
- Report Library
- Vulnerability Database
- Removing an Agent from Windows
- Delta
- Scan Blueprint
- Technical Specification
- Schedules
- Installing a Linux Agent
- Workflows
- Troubleshooting checklists
- User Management
- Check Connectivity to Agent Server
- Scan Scheduling Errors
- HIAB Deployment Guide
- Managing Tags
- Checking if Agent is Running
- Agent Installation Introduction
- Common Settings Panel
- Scanning Range
- Role Management
- Portal Icon List
- Agent Call Home
- Asset Discovery
- XML API Interface Technical Document
- Using the Agent Info Command
- Scheduled Reports
- Removing an Agent from Linux
- Solutions
- Identity and Access Management (IAM)
- Understanding Scanner and Scheduler
- Licensing Consumption
- Installing a macOS Agent
- Agent Introduction
- Setting Up an Agent Using System Proxy
- DNS Lookup in UI and in Console
- Supported Browsers
- HIAB Console
- Certificates
- Marking as False Positives
- Managing Agents
- Event Notification - Integration
- HIAB Distribution Settings
- Agent Latest Version
- Column Configuration
- PGP on User Accounts
- Event Notification - Use Cases
- Logging in to the Portal
- Firewall Rules
- Account
- Notification Settings
- Products Database
- Log In Using Single Sign-On (SSO)
- Scan Assessment Configuration
- View Templates
- Ports
- Installing a Windows Agent
- Generate Reports
- Basic Credentials
- Scan Stages
- Object Identifiers
- Subscriptions Overview
- Services
- REST API Interface Technical Document
- Getting Started with the Portal
- Scan Configuration Settings
- Scans View
- Retrieving a REST API Token From XMLAPI
- HIAB E-mail Whitelisting
- Scan Credentials
- API Examples
- Tags
- Accepting a Risk
- Importing Tags for AWS Discovery
- Discovery Scan Configuration
- Products
- Vulnerabilities
- Scan Policies
- Resource Group Management
- Download Agents
- Discussions and Commenting
- Filters
- Notifications
- 2FA on User Accounts
- Assets