Notification Settings
Purpose
This document provides users with an overview of how to set up and use the Event Notifications module in OUTSCAN and HIAB.
Introduction
This document assumes that the reader has access to an OUTSCAN/HIAB account and the Portal Interface.
To monitor and maintain your security solution, specific events should be defined to keep track of the ongoing progress of the vulnerability management program. This includes knowing when the scanner is updated, when alterations are made, and when a scan is unsuccessful. The Event Notification feature supports several integrated event types and destinations where the notification can be published. Each event type and destination can be specified when configuring the event notifications. Each notification can be configured using Jinja2 to tailor the notification to your requirements. Several examples and templates are provided in Event Notification - Use Cases and Event Notification - Templates.
Event Notification
The Notification settings view provides an overview of the created settings and their status. The settings can be enabled and disabled directly from the view.
Columns
Columns can be configured as described in Column Configuration, along with the Filters function.
Object | Description
---|---
Created | Shows the creation date of the notification setting.
Created by | Shows the creator of the notification setting.
Enabled | Toggles the notification on or off (Enabled / Disabled).
ID | The identifier of the notification setting.
Integration ID | The identifier of the connected Integration. See Integrations.
Integration type | The type of the connected integration. See the Integration section.
Name | Shows the name of the notification.
Tags | Tags that are associated with the notification setting. See Tags.
Trigger | The trigger associated with the notification. See the Trigger section.
Updated | Shows the date of the last update to the notification settings.
Updated by | Shows the user who last updated the notification settings.
View template ID | Shows the identifier of a saved View template. See View Templates.
Configuring the Event Notification
When configuring the Event Notification, several Triggers, Integrations, View Templates, and Variables can be selected to tailor the notification.
Trigger
Triggers are automated instructions that respond to specific events by executing predefined actions, enhancing real-time monitoring, response, and overall security posture. They enable proactive notifications and actions, providing real-time insights and reducing the need for manual intervention. Examples of triggers include:
Asset triggers for changes in infrastructure.
Configuration triggers for system changes.
Finding triggers for vulnerabilities.
User event triggers for access control.
These triggers ensure timely updates and informed decision-making, acting as proactive agents to mitigate potential threats and improve platform resilience. For a detailed list of available triggers, see Event Notification - Triggers.
Integration
Integrations refer to the seamless incorporation of different software systems, tools, or services to work cohesively within a unified environment. Integrations act as bridges that enable the cybersecurity platform to communicate and share information with external applications or services. They play an important role in streamlining communication, enhancing data visibility, and automating workflows.
Email: The Event Notification can send automated email notifications and alerts to inform relevant stakeholders about security events or system changes. This email integration ensures immediate awareness and facilitates a timely response to critical incidents.
Notification: Notifications provide real-time alerts directly within Outscan, informing users instantly about important events. They are configurable on a per-user basis.
SNMP: Simple Network Management Protocol (SNMP) integration allows Outscan to communicate with network devices and management systems, enabling monitoring and management of network components. This is essential for gathering information about the network's health and status, and supporting a comprehensive threat analysis.
Syslog: Syslog integration involves sending event logs and messages to a centralized syslog server, enhancing visibility into system activities and facilitating analysis. It is valuable for auditing, compliance, and forensic purposes, ensuring that a detailed record of security events is maintained.
Webhook: Webhooks enable Outscan to send real-time data to external systems or services, triggering actions in external applications based on specific events. This integration enhances automation capabilities and supports the use of various third-party tools and services.
For more detailed information on integration, see Event Notification - Integration and Integration Management.
View Templates
View Templates allow users to save and replicate personalized configurations. By storing settings such as column order, sorting criteria, column width, and filters, users can easily switch between different data perspectives without reapplying parameters. This tool ensures consistency and efficiency in data analysis, aligning with specific user needs and saving time for frequently revisited analyses. For more details on how to use this feature, see View Templates.
Available Variables
The variables in Notification Settings are dynamic placeholders for data in templates, automating workflows by inserting real-time data into messages or configurations. This ensures relevant information in changing contexts, enhances customization, reduces manual effort, and minimizes errors.
The available variables depend on the selected event trigger and are detailed in Event Notification - Variables.
Add Notification Setting
1. Go to Configuration > Notification Settings.
2. Click the green icon in the lower right corner to add a new event notification.
3. Select a Name for the setting.
4. Select a Trigger for the event. See Event Notification - Triggers.
5. Select an Integration for the event. See Event Notification - Integration.
6. Select a View Template. See View Templates.
7. Select Users to receive the notifications.
8. Add a Subject. You can add predefined variables from the Available Variables drop-down. See Event Notification - Variables.
   When you start typing the curly brackets {{, a list is displayed and filtered automatically as you type, for easy access to the predefined variables.
9. Add the Content to the notification. You can add predefined variables from the Available Variables drop-down. See Event Notification - Variables.
   The same list as in #8 is displayed when you type two curly brackets.
10. Click the blue ADD button to save the Notification Setting.
The Users field is only active if E-mail is selected as an integration in step 5. If Notification is selected as an integration, the setting only applies to the current user/sub-user.
If the Integration is set to E-mail, the content can be toggled between Text or HTML format.
Edit Notifications Settings
Go to Configuration > Notification Settings.
Select the notification setting you want to edit.
Edit the content of the Notification Setting.
Click the blue Save button to save.
Remove Notifications Settings
Go to Configuration > Notification Settings.
Right click the Notification Setting you want to remove.
In the pop-up menu, click Delete.
or
Select the Notification Setting you want to remove by checking the check box.
In the toolbar at the bottom, click the bin icon to delete.
Notification Examples
The following example is for high-risk findings:
This specific example is for a customer who only has SWAT.
For more information, see Event Notification - Templates and Event Notification - Use Cases.
High Risk Finding
{{ finding.cvssV3Severity }} risk found - {{finding.assetName}}
<div>
<p>
Dear {{ user.firstName }} on behalf of Outpost24,
</p>
<p>
The following {{ finding.cvssV3Severity }} risk vulnerabilities were found for {{finding.assetName}} as part of the ongoing penetration testing {{finding.activeSubscriptionTypes[0]}} service:
</p>
</div>
<div>
<p>
<b><a href="https://outscan.outpost24.com/portal/en/#/findings/{{finding.id}}/details">{{ finding.name }}</a></b>
</p>
</div>
<div>
<p>
Best Regards,
</p>
<p>
Outpost24
</p>
</div>
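Because the available variables depend on the selected trigger, a misspelled placeholder is easy to miss until a notification is sent. The following check is an added example, not Outpost24 code: it extracts the `{{ ... }}` variables from a subject or content template and compares them with an allowed set. The set here is an assumption built only from the names used in the example above; the authoritative list is in Event Notification - Variables.

```python
import re

# Assumed variable set for a finding trigger, constructed from the names used
# in the High Risk Finding example. Replace with the list for your trigger.
FINDING_TRIGGER_VARS = {
    "finding.id", "finding.name", "finding.assetName",
    "finding.cvssV3Severity", "finding.activeSubscriptionTypes",
    "user.firstName",
}

# Inside of a Jinja2 expression: {{ ... }}
EXPRESSION = re.compile(r"\{\{(.*?)\}\}", re.S)
# Leading dotted name of an expression; stops at an index ([0]) or filter (|).
DOTTED_NAME = re.compile(r"\s*([A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)")


def placeholders(template):
    """Return the dotted variable names used in {{ ... }} expressions, in order."""
    names = []
    for expr in EXPRESSION.findall(template):
        match = DOTTED_NAME.match(expr)
        if match:
            names.append(match.group(1))
    return names


def lint(template, allowed):
    """Return a list of problems: unknown variables and unbalanced delimiters."""
    problems = [f"unknown variable: {name}"
                for name in placeholders(template) if name not in allowed]
    if template.count("{{") != template.count("}}"):
        problems.append("unbalanced {{ }} delimiters")
    return problems


# Constructed samples: the subject and parts of the content from the example
# above, plus a deliberately broken template (wrong case, missing brace).
SUBJECT = "{{ finding.cvssV3Severity }} risk found - {{finding.assetName}}"
BODY = ('<a href="https://outscan.outpost24.com/portal/en/#/findings/'
        '{{finding.id}}/details">{{ finding.name }}</a> '
        "{{finding.activeSubscriptionTypes[0]}}")
TYPO = "Dear {{ user.firstname }}, see {{ finding.assetName }"

if __name__ == "__main__":
    for label, text in (("subject", SUBJECT), ("body", BODY), ("typo", TYPO)):
        print(label, lint(text, FINDING_TRIGGER_VARS) or "ok")
```

Variable names are case-sensitive in Jinja2, which is why `user.firstname` is reported even though `user.firstName` is allowed.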
Tagging
For more information on tags, see Tags.
Add Tags
Go to Configuration > Notification Settings.
Right click the Notification Setting.
In the pop-up menu, select Edit Tags.
Search for a tag and select it from the given suggestions.
If the tag does not exist, click the Create New Tag button.
Click the Submit button to add the tag.
Edit Tags
Go to Configuration > Notification Settings.
Right click the Notification Setting.
In the pop-up menu, select Edit Tags.
Remove Tags
Go to Configuration > Notification Settings.
Click on the X on the tag you want to remove.
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.