Notification
- Updated on 27 Aug 2024
Timely and actionable notifications play an important role in application protection. Custom notifications also help you streamline the types of notifications you receive and the frequency at which you receive them. Some events also have severities associated with them, for example, high, medium, or low. You can choose the severity of events for which you wish to be notified. For example, you can decide to be notified only for high and medium-severity events.
Navigate to the Settings → Configuration → Notifications page to create custom notifications. Creating a custom notification is a two-step process:
1. Create a channel
2. Create a notification rule
A notification is distributed through a channel.
Step 1 - Create a channel
A channel is a group of mediums or people that you want to notify when a type of event is triggered. You can send notifications to one or more of the following channels:
- Email addresses - A comma-separated list of email addresses.
- Slack webhook - For information on creating a Slack webhook, see Sending messages using Incoming Webhooks.
- S3 webhook
- Splunk webhook - For information on Splunk webhook, see Splunk documentation.
- Syslog server - For more information on Syslog server, see Syslog documentation.
- Custom webhook
On the Settings → Configuration → Notifications page, click the Create Channel button and provide the details to configure a channel. You can later edit or delete the channel. Once you have created a channel, the next step is to create a notification rule.
Note
If you are configuring S3 Webhook, make sure to configure Audience in your S3 bucket. Contact Traceable's support at support@traceable.ai to get the Audience value to configure in AWS.
Step 2 - Create a notification rule
A notification is sent through a channel for a category of events and an event type. You can create notifications for different categories. Each category contains either threat types or event types. Notifications are created for a specific environment or for all environments. Select the environment from the Environment drop-down list. After configuring all the notification rules, choose a channel from the list of channels you created earlier. You can change the channel to which you want to send the notification at any time. However, a notification can be sent to only one channel. Finally, decide the frequency of notifications, from one notification every hour to one notification in 24 hours.
The following tables list the different categories and their corresponding threat types or event types.
| Category | Threat Type |
|---|---|
| Logged threat activity | Authorization Bypass - Object Level |
| | Authorization Bypass - User Level |
| | Content Size Anomaly |
| | Content Type Anomaly |
| | Cross-Site Scripting (XSS) |
| | Custom Signature |
| | Data Loss Prevention |
| | Email Domain Malicious Sources |
| | Enumeration |
| | GraphQL Attacks |
| | HTTP Protocol Attacks |
| | Invalid Enumerations |
| | IP Range Malicious Sources |
| | IP Type Malicious Sources |
| | Java Application Attacks |
| | Local File Inclusion |
| | Mass Assignment |
| | Missing Field |
| | NodeJS Injection |
| | Rate Limiting |
| | Region Malicious Sources |
| | Remote Code Execution |
| | Remote File Inclusion |
| | Scanner Detection |
| | Server Side Request Forgery (SSRF) Signatures |
| | Session Fixation |
| | SQL Injection |
| | Type Anomaly |
| | Value Out of Range |
| | XML External Entity Injection (XXE) |
| Blocked threat activity | Cross-Site Scripting (XSS) |
| | Custom Signature |
| | Data Loss Prevention |
| | Email Domain Malicious Sources |
| | Enumeration |
| | GraphQL Attacks |
| | HTTP Protocol Attacks |
| | In-Agent Vulnerable Library |
| | IP Range Malicious Sources |
| | IP Type Malicious Sources |
| | Java Application Attacks |
| | Local File Inclusion |
| | NodeJS Injection |
| | Rate Limiting |
| | Region Malicious Sources |
| | Remote Code Execution |
| | Remote File Inclusion |
| | Scanner Detection |
| | Server Side Request Forgery (SSRF) Signatures |
| | Session Fixation |
| | SQL Injection |
| | Threat Actor |
| | XML External Entity Injection (XXE) |

| Category | Event type |
|---|---|
| Threat actor status change | Normal |
| | Threat Actor |
| | Resolved |
| | Always Allowed |
| | Always Denied |
| | Suspended |
| | Snoozed |
| Threat actor severity state change | Low |
| | Medium |
| | High |
| | Critical |
| Protection configuration change | Signature Based Blocking |
| | Rate Limiting |
| | Data Loss Prevention |
| | Enumeration |
| | Malicious Sources IP Range |
| | Malicious Sources Region |
| | Malicious Sources Email Domain |
| | Malicious Sources IP Type |
| | Custom Signature |
| | Detection |
| | Exclusions |
| Team activity | Create User |
| | Update User |
| | Delete User |
| | Invite User |
| | User Accept Invite |
| | User Login |
| | User Logout |
| Threat scoring configuration change | Anomalous Behavior Score Contribution |
| | Severity Score Contribution |
| | Threat Actor Score Contribution |
| | Events Contribution |
| | IP Reputation Score Contribution |
| | Status Code Contribution |
| | Threat Auto Blocking |
You can create notifications for any change made in the notifications configurations.
| Category | Event Type | Event Category |
|---|---|---|
| API naming rule configuration change | Create | |
| | Update | |
| | Delete | |
| API documentation configuration change | Create | |
| | Update | |
| | Delete | |
| Exclude rule configuration change | Create | |
| | Update | |
| | Delete | |
| Label configuration change | Create | |
| | Update | |
| | Delete | |
| Risk scoring configuration change | Update | |
| Posture event | API Discovery | |
| | Risk Score Change | |
| | Sensitive Data Discovery | |
| | Sensitive Data Shared With Third Party | |
| | Service Discovery | |
| | Vulnerability Discovery | |
| Notification configuration change | Create | |
| | Update | |
| | Delete | |
| Data classification configuration change | Create | |
| | Update | |
| | Delete | |
| Integration configuration change | Create config | |
| | Update config | |
| | Delete config | |
In addition, you can create notifications for data collection activity. This notification category keeps you informed when an agent comes online or goes offline.
| Category | Agent activity type |
|---|---|
| Data Collection Activity | New agent deployed |
| | No data in environment |
| | Agent status change |
Note
You cannot delete a channel associated with a notification rule.