Notification
  • 27 Aug 2024
  • 3 Minutes to read
  • PDF

Notification

  • PDF

Article summary

Timely and actionable notifications play an important role in application protection. Custom notifications also help you streamline the types of notifications you wish to receive and the frequency at which you would like to receive them. Some events also have severities associated with them, for example, high, medium, or low. You can choose the severity of events for which you wish to be notified. For example, you can decide to be notified only for high and medium-severity events. Navigate to Settings (image-1638268402925) → ConfigurationNotifications page to create custom notifications. Creating a custom notification is a two-step process.

  1. Create a channel

  2. Create a notification rule

A notification is distributed through a channel.


Step 1 - Create a channel

A channel is a group of mediums or people to whom you want to notify when a type of event is triggered. You can send notifications to one or more than one of the following channels:

On the Settings (image-1638268402925) → ConfigurationNotifications page, click on Create Channel button and ptrovide the details to configure a channel. You can later edit or delete the channel. Once you have created a channel, the next step is to create a notification rule.

Note

If you are configuring S3 Webhook, make sure to configure Audience in your S3 bucket. Contact Traceable's support at support@traceable.ai to get the Audience value to configure in AWS.


Step 2 - Create a notification rule

A notification is sent through a channel for a category of events and event type. You can create notifications for different categories. In each category, there are either different threat types or event types. The notifications are created for a specific Environment or all the environments. Select the environment from the Environment drop-down list. After configuring all the notification rules, choose a channel from the list of channels you created earlier. You can change the channel to which you want to send the notification at any time. However, a notification can be sent to only one channel. Ultimately, decide the frequency of notifications from one notification every hour to one notification in 24-hours.


The following tables list the different category and their corresponding threat types or event types.

Category

Threat Type

Logged threat activity

Authorization Bypass - Object Level

Authorization Bypass - User Level

Content Size Anomaly

Content Type Anomaly

Cross-Site Scripting (XSS)

Custom Signature

Data Loss Prevention

Email Domain Malicious Sources

Enumeration

GraphQL Attacks

HTTP Protocol Attacks

Invalid Enumerations

IP Range Malicious Sources

IP Type Malicious Sources

Java Application Attacks

Local File Inclusion

Mass Assignment

Missing Field

NodeJS Injection

Rate Limiting

Region Malicious Sources

Remote Code Execution

Remote File Inclusion

Scanner Detection

Server Side Request Forgery (SSRF) Signatures

Session Fixation

SQL Injection

Type Anomaly

Value Out of Range

XML External Entity Injection (XXE)



Blocked threat activity

Cross-Site Scripting (XSS)

Custom Signature

Data Loss Prevention

Email Domain Malicious Sources

Enumeration

GraphQL Attacks

HTTP Protocol Attacks

In-Agent Vulnerable Library

IP Range Malicious Sources

IP Type Malicious Sources

Java Application Attacks

Local File Inclusion

NodeJS Injection

Rate Limiting

Region Malicious Sources

Remote Code Execution

Remote File Inclusion

Scanner Detection

Server Side Request Forgery (SSRF) Signatures

Session Fixation

SQL Injection

Threat Actor

XML External Entity Injection (XXE)

Category

Event type

Threat actor status change

Normal

Threat Actor

Resolved

Always Allowed

Always Denied

Suspended

Snoozed



Threat actor severity state change

Low

Medium

High

Critical



Protection configuration change

Signature Based Blocking

Rate Limiting

Data Loss Prevention

Enumeration

Malicious Sources IP Range

Malicious Sources Region

Malicious Sources Email Domain

Malicious Sources IP Type

Custom Signature

Detection

Exclusions



Team activity

Create User

Update User

Delete User

Invite User

User Accept Invite

User Login

User Logout

Threat scoring configuration change

Anomalous Behavior Score Contribution

Severity Score Contribution

Threat Actor Score Contribution

Events Contribution

IP Reputation Score Contribution

Status Code Contribution

Threat Auto Blocking

You can create notifications for any change made in the notifications configurations.

Category

Event Type

Event Category

API naming rule configuration change

Create

Update

Delete

API documentation configuration change

Create

Update

Delete

Exclude rule configuration change

Create

Update

Delete

Label configuration change

Create

  • Label application rule

  • Label rule

Update

Delete

Risk scoring configuration change

Update

Posture event

API Discovery

Risk Score Change

Sensitive Data Discovery

Sensitive Data Shared With Third Party

Service Discovery

Vulnerability Discovery

Notification configuration change

Create

  • Channel

  • Rule

Update

Delete

Data classification configuration change

Create

  • User attribution

  • Session identification

  • Data set

  • Data type

Update

Delete

Integration configuration change

Create config

Update config

Delete config

In addition, you can create notifications for data collection activity. This notification category helps you keep informed when an agent comes online or goes offline.

Category

Agent activity type

Data Collection Activity

New agent deployed

No data in environment

Agent status change

Note

You cannot delete a channel associated with a notification rule.


Was this article helpful?

What's Next