Notification
  • 02 Aug 2023

Timely and actionable notifications play an important role in application protection. Custom notifications help you streamline the types of notifications you receive and how often you receive them. Each event has an associated severity, for example, high, medium, or low. You can choose the severities for which you want to be notified. For example, you can decide to be notified only for high and medium severity events.

Navigate to the Administration → Configuration → Notifications page to create custom notifications. Creating a custom notification is a two-step process.

  1. Create a channel
  2. Create notification rule

A notification is distributed through a channel.


Step 1 - Create a channel

A channel is a group of mediums or people that you want to notify when a type of event is triggered. You can send notifications to one or more of the following channels:

On the Administration → Configuration → Notifications page, click the Create Channel button and provide the details to configure a channel. You can edit or delete the channel later. Once you have created a channel, the next step is to create a notification rule.

Note
If you are configuring S3 Webhook, make sure to configure Audience in your S3 bucket. Contact Traceable's support at support@traceable.ai to get the Audience value to configure in AWS.

Step 2 - Create notification rule

A notification is sent through a channel for a category of events and an event type. You can create notifications for different categories. Each category contains either threat types or event types. Notifications are created for a specific environment or for all environments. Select the environment from the Environment drop-down list. After you have configured all the rules for the notification, choose a channel from the list of channels that you created earlier. You can change the channel to which the notification is sent at any time. However, a notification can be sent to only one channel at a time. Finally, decide the frequency of notification, from one notification every hour to one notification in 24 hours.

The following tables list the different categories and their corresponding threat types or event types.

| Category | Threat Type |
|---|---|
| Logged threat activity | Enumeration |
| | Region |
| | Email |
| | Data Loss Prevention (DLP) |
| | Custom signature |
| | Rate limiting |
| | IP type and IP range |
| | Cross site scripting |
| | Local file inclusion |
| | Remote file inclusion |
| | HTTP protocol attacks |
| | NodeJS injection |
| | SQL injection |
| | XML external entity injection (XXE) |
| | Java application attacks |
| | Remote code execution |
| | Session fixation |
| | Server-Side Request Forgery (SSRF) Signatures |
| | Server-Side Request Forgery (SSRF) |
| | Basic authentication violation |
| | JWT anomaly |
| | Scanner detection |
| | Authorization bypass - user and object level |
| | Broken function level authorization |
| | Session violation |
| | Content size and content type anomaly |
| | Unexpected HTTP response code |
| | Unexpected user agent |
| | Invalid enumerations |
| | Missing field |
| | Type anomaly |
| | Unrecognized field |
| | Value out of range |
| Blocked threat activity | Email |
| | Region |
| | Custom signature |
| | Data loss prevention (DLP) |
| | In-agent vulnerable library |
| | IP type and range |
| | Enumeration |
| | Threat actor |
| | Rate limiting |
| | Cross site scripting |
| | Local file inclusion |
| | Remote file inclusion |
| | HTTP protocol attacks |
| | NodeJS injection |
| | SQL injection |
| | XML external entity injection (XXE) |
| | Java application attack |
| | Remote code execution |
| | Session fixation |
| | Server-Side Request Forgery (SSRF) Signatures |
| | Basic authentication violation |
| | Scanner detection |

| Category | Event type |
|---|---|
| Threat actor status change | Normal |
| | Threat actor |
| | Resolved |
| | Always allowed |
| | Always denied |
| | Suspended |
| | Snoozed |
| Threat actor severity change | Low |
| | Medium |
| | High |
| | Critical |
| Protection configuration change | Signature-based blocking |
| | Rate limiting |
| | IP range |
| | Location |
| | Custom signature |
| | Threat auto-blocking |
| | Detection exclusions |
| | Exclusions |
| Team activity | Create user |
| | Update user |
| | Delete user |
| | User login |
| | User logout |

You can create notifications for any change made to the notification configuration.

| Category | Event type | Event category |
|---|---|---|
| Notification configuration change | Create, Update, Delete | Channel, Rule |
| Data classification configuration change | Create, Update, Delete | User attribution, Session identification, Data set, Data type |

You can also create notifications for Data collection activity. This category of notification keeps you informed when an agent comes online or goes offline.

If you delete a channel that is associated with a notification rule, you must manually associate the notification rule with an existing channel, or create a new channel and associate it with the rule.

