Generic selectors
Exact matches only
Search in title
Search in content
post
page
How can we help?
Print

Notification Automation

Notification manager is used to configure services and rules for generating and sending system notifications about Workspaces. Select the system menu (top right corner) and then “Notification manager”

to display the Notifications menu:

Configure Services

Before rules can be configured in notification manger, the administrator is required to configure at least one notification service.  Services include: e-mail, STIX/TAXII, SIEM (Syslog), and select ticketing systems.

  • SMTP configuration requires a server IP address, communication port, user id and password.  Note that a firewall port may need to be opened for NP-View to communicate with your SMTP server.
  • Syslog configuration requires a server IP address and a communication port.
  • ServiceNow configuration requires a server address, user name and password.
  • TAXII configuration requires a server address, server port, data path and a destination collection name.

Service configuration can be found under “Notification manager -> Configure Services” tab.

When connected to LDAP or Active Directory, the user\'s email addresses are extracted from the authentication server. They are typically stored within the LDAP/AD email field. The test button will pull the LDAP/AD information for inspection. If a field other than email is used, the field name should be added to the LDAP setup page replacing the default "email". If the email field is missing, please contact your system administrator to have the email field added and populated for each user who wishes to receive automated notifications.

 

Add/Edit Rules

NP-View can automatically send information to the configured services for changes and activities impacting your workspaces. Select the system menu and then “Notification manager -> Add/Edit Rule” to setup rules.

Rules can be set to choose which activities and events are included in notifications.  When configuring the notification rule, the user will select a service to deliver the notification to, the workspace(s) to be monitored and frequency the report should be delivered.

Notification frequencies are determined by the product purchased as outlined below:

  • Professional Server: Instant and hourly not available
  • Enterprise: All frequencies available

After that, the criterion for generating the report is selected. Activity types include:

Activity type Activity status Activity Severity
Risk alerts New, Confirmed, Fixed, False positive, Will not resolve Low, Medium, High
Warnings New, Confirmed, Fixed, False positive, Will not resolve Low, Medium, High
Errors New
Comments New Low, Medium, High
Change events New

For each Activity type, one or more activity status or  activity severity can be selected and the notification rule can be filtered by keywords.

Finally, the output can be sanitize to remove IP addresses and saved in the database for future viewing.

Note: If the save in database box is not checked, the report will not be viewable on the Your Reports tab.

Click Save Rule to save your configuration.

 

Your Rules

Once rules are created, they appear on the “Your Rules” tab. This tab shows each rule created.  Workspace Admins can only see their rules and Administrators can see all users rules.  From this tab. users can edit, delete or copy a rule.

Your Reports

Once rules triggered and the the “save for future viewing” function is active, a summary of each report generated will be displayed on the  reports tab.  The Workspace Admin can see and delete their own reports and the Administrator can see and delete all users reports.

Previous Data Collection Automation
Next Dashboard
Table of Contents