Listing and creation
Overview
To stay informed about the latest activity in your community, you can set up notifications and be alerted each time a new alert is raised or a new report is published.
Notifications Rules, accessible through the User Center or the contextual menu, will let you:
- Focus on specific Sekoia.io events (Operations Center alerts and Intelligence Center reports)
- Add precise conditions
- In a multi-tenant context, select the communities from which you'd like to receive these notifications (from all your communities or just one).
- Configure actions to be triggered (send an e-mail, display a notification in Sekoia.io, …)
This documentation will let you go deeper into Sekoia.io’s notifications mechanism.
Notifications listing
When no notifications have been set up in your community, the listing page is blank and a + new notification button is highlighted so you can start creating your first notification from there.
Once you have some notifications created, each notification can be modified, duplicated, deleted and (de)activated from the main Notification page in the User Center.
You can also search and filter your notifications from this page, by type of trigger or by type of action.
Warning
Each notification is exclusively visible to the user who configured it AND within the community where it was created.
Create a new notification
In single-tenant mode: Notifications apply only to the community you're in.
In multi-tenant mode: By default all notifications will come from all your sub-communities, but you can also choose to receive notifications from just one sub-community.
Once configured, these notifications will only be visible to the user who created them.
Operations Center Notifications
To write a new notification rule in the Operations Center, you first have to:
- Select an event and conditions that will trigger your notification rule. You can configure your notification rule to be triggered on alerts (that can be either new or already existing)
- Choose one or multiple conditions amongst multiple options (alert status, its urgency, asset concerned by the alert, etc.)
- Select actions that you want to see performed. You can choose multiple options: get an in-app notification, receive an email, send texts using webhooks or in a Mattermost channel
- Give your notification a name
- Save your changes
For example, you can decide to trigger a notification when all of the following criteria are met:
- Status of the new alert is Ongoing
- Urgency of the new alert is higher than 80
- Involved asset is My Critical Asset
Intelligence Center Notifications
You can configure your notification rule to be triggered when a new report is merged in Sekoia.io’s Intelligence Center.
To do so, you have to:
- Select an event and conditions that will trigger your notification rule. You can configure your notification rule to be triggered on reports being added
- Choose one or multiple conditions amongst multiple options (name, description, refers to, sector, country, TLP, FLINT, confidence level…)
- Select actions that you want to see performed. You can choose multiple options: get an in-app notification, receive an email, send texts using webhooks or in a Mattermost channel
- Give your notification a name
- Save your changes
For example, you can decide to trigger a notification when all of the following criteria are met:
- It refers to the malware Cobalt Strike
- It concerns the country France
Playbooks notifications
The "A playbook has encountered an error" trigger, if selected alone, sends a notification for every error a playbook in your community encounters, whether or not that error causes the playbook to crash.
If you only want to be notified when the playbook encounters an error and crashes, add the "And crashed" condition to the trigger.
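The three kinds of rules described above (Operations Center alerts, Intelligence Center reports and playbook errors) all follow the same pattern: an event type, a set of conditions that must all hold, an optional community filter in multi-tenant mode, and the actions to fire. The following Python is an added illustration of that evaluation logic, not Sekoia.io code: the rule model, the event field names (`status`, `urgency`, `assets`, `refers_to`, `countries`, `crashed`, `community`) and the sample events are all constructed here to mirror the worked examples on this page, and are not the platform's real payloads. It shows the AND semantics of conditions, why an urgency of exactly 80 does not satisfy "higher than 80", and the difference between the playbook error trigger alone and the same trigger with the "And crashed" condition.

```python
"""Added example (not Sekoia.io code): evaluating notification rules
whose conditions are AND-combined against incoming events."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Optional

Event = Dict[str, Any]                 # constructed stand-in for a platform event
Condition = Callable[[Event], bool]    # one condition = one predicate on the event


@dataclass
class NotificationRule:
    name: str
    event_type: str                    # "alert", "report" or "playbook_error" (assumed labels)
    actions: List[str]                 # "in_app", "email", "webhook", "mattermost"
    conditions: List[Condition] = field(default_factory=list)
    community: Optional[str] = None    # None = receive from all (sub-)communities
    active: bool = True                # rules can be (de)activated from the listing

    def matches(self, event: Event) -> bool:
        """True when the event type, community filter and every condition hold."""
        if not self.active or event["type"] != self.event_type:
            return False
        if self.community is not None and event["community"] != self.community:
            return False
        # AND semantics: all conditions must hold; no conditions means match all.
        return all(cond(event) for cond in self.conditions)


def triggered_actions(rules: List[NotificationRule], event: Event) -> Dict[str, List[str]]:
    """Return {rule name: actions} for every rule the event triggers."""
    return {rule.name: rule.actions for rule in rules if rule.matches(event)}


# Operations Center example: Ongoing AND urgency > 80 AND critical asset involved.
OPS_RULE = NotificationRule(
    name="critical asset ongoing",
    event_type="alert",
    actions=["in_app", "email"],
    conditions=[
        lambda e: e["status"] == "Ongoing",
        lambda e: e["urgency"] > 80,          # strictly higher than 80
        lambda e: "My Critical Asset" in e["assets"],
    ],
)

# Intelligence Center example: refers to Cobalt Strike AND concerns France.
INTEL_RULE = NotificationRule(
    name="Cobalt Strike in France",
    event_type="report",
    actions=["mattermost"],
    conditions=[
        lambda e: "Cobalt Strike" in e["refers_to"],
        lambda e: "France" in e["countries"],
    ],
)

# Playbook trigger selected alone: fires on every error, crash or not ...
PLAYBOOK_ANY_ERROR = NotificationRule(
    name="playbook error", event_type="playbook_error", actions=["webhook"])
# ... whereas the "And crashed" condition restricts it to crashes only.
PLAYBOOK_CRASHED = NotificationRule(
    name="playbook crashed", event_type="playbook_error", actions=["email"],
    conditions=[lambda e: e["crashed"]])

RULES = [OPS_RULE, INTEL_RULE, PLAYBOOK_ANY_ERROR, PLAYBOOK_CRASHED]

# Constructed sample events (field names are assumptions, not real payloads).
SAMPLE_EVENTS = [
    {"type": "alert", "community": "prod", "status": "Ongoing", "urgency": 90,
     "assets": ["My Critical Asset", "web-01"]},
    {"type": "alert", "community": "prod", "status": "Ongoing", "urgency": 80,
     "assets": ["My Critical Asset"]},   # 80 is not "higher than 80": no match
    {"type": "report", "community": "prod", "refers_to": ["Cobalt Strike"],
     "countries": ["France", "Belgium"]},
    {"type": "playbook_error", "community": "prod", "crashed": False},
    {"type": "playbook_error", "community": "prod", "crashed": True},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["type"], "->", triggered_actions(RULES, ev))
```

Running the block prints which rule names and actions each sample event triggers; the second alert matches nothing because its urgency is exactly 80, and the crashed playbook event triggers both playbook rules while the non-crashing error triggers only the unconditioned one. A rule created with `community="sub-a"` ignores events from any other sub-community, which is the single-sub-community option described under multi-tenant mode.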