Skip to content

Listing and creation

Overview

To stay informed about the latest activities on your community, you can set up notifications and get alerts each time a new alert pops up or a new report is online.

Notifications Rules, accessible through the User Center or the contextual menu, will let you:

  • Focus on specific SEKOIA.IO events (Operations Center alerts and Intelligence Center reports)
  • Add precise conditions
  • Configure actions to be triggered (send an e-mail, display a notification in SEKOIA.IO, …)

This documentation will let you go deeper into SEKOIA.IO’s notifications mechanism.

Notifications listing

When there are no notifications set up in your community, the listing page will be blank. A + new notification button is highlighted as you can start creating your notification from there.

Once you have some notifications created, each notification can be modified, duplicated, deleted and (de)activated from the main Notification page in the User Center.

You can also search and filter your notifications from this page.

You can filter by type of trigger or type of actions.

Warning

Each notification is visibile only for the one that configured it AND on the community it was created.

Create a new notification

Notifications only apply to the community and the application you are in. Once configured, these notifications will only be visible to the user who created them.

Operations Center Notifications

To write a new notification rule in the Operations Center, you first have to:

  1. Select an event and conditions that will trigger your notification rule. You can configure your notification rule to be triggered on alerts (that can be either new or already existing)
  2. Choose one or multiple conditions amongst multiple options (alert status, its urgency, asset concerned by the alert, etc.)

For example, you can decide to trigger a notification when the following criteria are met:

  • Status of the new alert is Ongoing
  • Urgency of the new alert is higher than 80
  • Involved asset is My Critical Asset
  • Select actions that you want to see performed. You can choose multiple options: get an in-app notification, receive an email, send texts using webhooks or in a Mattermost channel
  • Give your notification a name
  • Save your changes

Intelligence Center Notifications

You can configure your notification rule to be triggered when a new report is merged in SEKOIA.IO’s Intelligence Center.

To do so, you have to:

  1. Select an event and conditions that will trigger your notification rule. You can configure your notification rule to be triggered on reports being added
  2. Choose one or multiple conditions amongst multiple options (name, description, refers to, sector, country, TLP, FLINT, confidence level…)

For example, you can decide to trigger a notification when the following criteria are met:

  • It refers to the malware Cobalt Strike
  • It concerns the country France
  • Select actions that you want to see performed. You can choose multiple options: get an in-app notification, receive an email, send texts using webhooks or in a Mattermost channel
  • Give your notification a name
  • Save your changes