Notifications for Threat Management and Security Vulnerabilities
Threat Management Notifications
The Notifications section of Threat Management is configured to send summary emails to configured users or trigger Webhook(s)/Teams Webhook(s).
The notification summary provides information about tenant name, service, cloud account name, and account ID/subscription. The notification provides information about the total number of new threats since the last sync date up until the current date and shows splits per severity and finding type.
If the Threat Management configuration is enabled, then users will get notified about threats when they are detected. Whether the Threat Management configuration is enabled or not, detected threats will be included as part of the notification summary email(s)/webhook(s)/Teams webhook(s). Summary notifications are sent once every 24 hours after a daily threat sync is completed.
Note:
To configure threat management, refer to the following:
Configuring Threat Notifications
Summary emails with threat details are sent to users every 24 hours after the completion of a threat sync. If Threat Management is not configured for an account, then users can go through the notification summary emails to learn about any detected threats.
The threat summary notification provides information about the total new threats that occurred since the last sync date until now. It also provides the split up of threats by severity (critical/high/medium/low) and finding types. The summary email also informs users about the number of threats that were archived since the last sync date.
Perform the following steps to configure security threat notifications for an account:
-
Login and select Governance > Account Governance.
-
Browse to the account for which threat settings need to be made and click VIEW > View Settings.
-
Select Governance Configuration > SECURITY.
-
Select to expand the Threat Management section.
-
In the Notifications section, click CONFIGURE.
The Threat Management Notification Configuration screen appears. -
In the Email Address box, type the email address of the recipient. You can enter up to 50 email IDs in this field.
-
In the Webhook box, type the relevant webhook. You can enter up to 20 webhook links in this field.
-
In the Microsoft Teams Webhook box, type the Microsoft Teams webhook. You can enter up to 20 webhook links in this field.
-
Click to select Exclude My Email Address checkbox if you do not wish to receive the notification email.
Note:
If Threat Management configuration is enabled, then Enable Daily Summary Email and Enable Realtime Individual Email check boxes will appear.
- You can select Enable Daily Summary Email to receive daily summary email notifications.
- You can select Enable Realtime Individual Email to receive real-time email notifications as and when threats are detected.
- You need to select either Enable Daily Summary Email/Enable Realtime Individual Email or both options to enable the notification configuration.
- Click Save & Apply.
The saved details are displayed in the Notifications section as shown below.
- Click EDIT to update any existing details and click DELETE to delete the notification configuration.
Security Vulnerability Notifications
The Notifications section of Vulnerability Assessments is configured to send summary emails to configured users or trigger webhook(s)/Teams webhook(s).
The notification summary provides information about the tenant name, service, cloud account name, and account ID/subscription. The notification also provides information about the total number of vulnerabilities for the cloud account and their splits by vulnerability age, as well as informs users about the number of vulnerabilities that were archived since the last sync date.
The summary notifications are sent to users every 24 hours after the completion of a daily source data sync.
Configuring Security Vulnerabilities
Perform the following steps to configure security vulnerability notifications for an account:
-
Navigate to Governance > Account Governance.
-
Browse to the account for which vulnerability settings need to be made and click VIEW > View Settings.
-
Click Governance Configuration > SECURITY.
-
Click to expand the Vulnerability Assessments section.
-
In the Notifications section, click CONFIGURE.
The Vulnerability Assessments Notification Configuration screen appears. -
In the Email Address box, type the email address of the recipient. You can enter up to 50 email IDs in this field.
-
In the Webhook box, type the relevant webhook. You can enter up to 20 webhook links in this field.
-
In the Microsoft Teams Webhook box, type the Microsoft Teams webhook. You can enter up to 20 webhook links in this field.
-
Click to select Exclude My Email Address checkbox if you do not wish to receive the notification email.
-
Click Save & Apply.
The saved details are displayed in the Notifications section as shown below.
- Click EDIT to update any existing details and click DELETE to delete the notification configuration.
Roles
Users with the following out-of-the-box roles can configure or edit threat and vulnerability notifications from the Account Governance screen:
- Account Admin
- Compliance Admin
- Security Admin
- Partner Service Admin
- Tenant Admin
- Provider Admin
- Delegation Admin
- Workload Owner
Updated 11 months ago