Notification Manager (Server)
Notification manager is used to configure services and rules for generating and sending system notifications about Workspaces. Select the system menu (top right corner) and then “Notification manager” to display the Notifications menu.
Before rules can be configured in Notification manager, the administrator is required to configure at least one notification service. Services include: e-mail, STIX/TAXII, SIEM (Syslog), and select ticketing systems.
- SMTP configuration requires a server IP address, communication port, user id and password. Note that a firewall port may need to be opened for NP-View to communicate with your SMTP server.
- Syslog configuration requires a server IP address and a communication port.
- Information on configuring SPLUNK can be found here.
- ServiceNow configuration requires a server address, user name and password.
- TAXII configuration requires a server address, server port, data path and a destination collection name.
Service configuration can be found under the “Notification manager -> Configure Services” tab.
When connected to LDAP or Active Directory, users’ email addresses are extracted from the authentication server. They are typically stored in the LDAP/AD email field. The test button will pull the LDAP/AD information for inspection. If a field other than email is used, the field name should be added to the LDAP setup page, replacing the default “email”. If the email field is missing, please contact your system administrator to have the email field added and populated for each user who wishes to receive automated notifications.
If your email server requires authentication to send emails, we recommend using a service account with a non-expiring password; otherwise, notifications will stop being sent when the password expires.
NP-View can automatically send information to the configured services for changes and activities impacting your workspaces. Select the system menu and then “Notification manager -> Add/Edit Rule” to set up rules.
Rules determine which activities and events are included in notifications. When configuring a notification rule, the user selects a service to deliver the notification to, the workspace(s) to be monitored, and the frequency at which the report should be delivered.
Notification frequencies are:
After that, the criterion for generating the report is selected. Activity types include:
| Activity type | Activity status | Activity severity |
|---|---|---|
| Risk alerts | New, Confirmed, Fixed, False positive, Will not resolve | Low, Medium, High |
| Warnings | New, Confirmed, Fixed, False positive, Will not resolve | Low, Medium, High |
| Comments | New | Low, Medium, High |
For each activity type, one or more activity statuses or activity severities can be selected, and the notification rule can be filtered by keywords.
Finally, the output can be sanitized to remove IP addresses and saved in the database for future viewing.
Note: If the save in database box is not checked, the report will not be viewable on the Your Reports tab.
Click Save Rule to save your configuration.
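The sanitize option above removes IP addresses from a report before it is delivered. As an added example (not NP-View code, and not a description of how NP-View implements the option), the Python below shows one way to check that a report leaving the system contains no IPv4 or IPv6 addresses and to redact any that remain. The sample report text, function names and placeholder string are constructed for illustration.

```python
import ipaddress
import re

_QUAD = r"\d{1,3}(?:\.\d{1,3}){3}"
# Candidate tokens only: anything matched here is validated before it counts.
_CANDIDATE = re.compile(
    # IPv6, optionally with an embedded IPv4 tail and a /prefix
    r"(?<![\w.:])(?:[0-9A-Fa-f]{0,4}:){2,7}(?:" + _QUAD + r"|[0-9A-Fa-f]{0,4})"
    r"(?:/\d{1,3})?(?![\w:]|\.\d)"
    # IPv4, optionally with a /prefix; a trailing ":port" is left in place
    r"|(?<![\w.])" + _QUAD + r"(?:/\d{1,2})?(?!\w|\.\d)"
)

def _is_ip(token):
    """True only for tokens the ipaddress module accepts as an address or CIDR block."""
    try:
        ipaddress.ip_interface(token)
    except ValueError:
        return False  # e.g. timestamps, MAC addresses, out-of-range octets
    return any(c.isalnum() for c in token)  # ignore a bare "::" separator

def find_addresses(text):
    """Return every valid IPv4/IPv6 address or CIDR block found in text."""
    return [m.group(0) for m in _CANDIDATE.finditer(text) if _is_ip(m.group(0))]

def sanitize(text, placeholder="[REDACTED-IP]"):
    """Replace each valid address with a placeholder; leave other tokens untouched."""
    return _CANDIDATE.sub(
        lambda m: placeholder if _is_ip(m.group(0)) else m.group(0), text
    )

# Constructed sample report text (not real NP-View output).
SAMPLE_REPORT = (
    "Risk alert (High, New): rule 12 permits any -> 10.20.30.40:443\n"
    "Warning (Medium, Confirmed): unused object group on 192.168.1.0/24.\n"
    "Comment (Low, New): fe80::1ff:fe23:4567:890a seen at 12:30:05, "
    "MAC 00:1a:2b:3c:4d:5e, firmware 7.1.2\n"
)

if __name__ == "__main__":
    print("Addresses found:", find_addresses(SAMPLE_REPORT))
    print(sanitize(SAMPLE_REPORT))
```

A check of this kind errs toward redaction: a four-part version string such as 1.2.3.4 is a valid IPv4 address and will be replaced.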
Once rules are created, they appear on the “Your Rules” tab. This tab shows each rule created. Workspace Admins can only see their own rules, and Administrators can see all users’ rules. From this tab, users can edit, delete or copy a rule.
Once rules are triggered and the “save for future viewing” function is active, a summary of each report generated will be displayed on the reports tab. The Workspace Admin can see and delete their own reports, and the Administrator can see and delete all users’ reports.