Listing and creation
Overview
To stay informed about the latest activities in your community, you can set up notifications and get alerts each time a new alert pops up or a new report is online.
Notifications Rules, accessible through the User Center or the contextual menu, will let you:
- Focus on specific SEKOIA.IO events (Operations Center alerts and Intelligence Center reports)
- Add precise conditions
- Configure actions to be triggered (send an e-mail, display a notification in SEKOIA.IO, …)
This documentation will let you go deeper into SEKOIA.IO’s notifications mechanism.
Notifications listing
When there are no notifications set up in your community, the listing page will be blank. A + new notification button is highlighted so you can start creating your notification from there.
Once you have some notifications created, each notification can be modified, duplicated, deleted and (de)activated from the main Notification page in the User Center.
You can also search and filter your notifications from this page.
You can filter by type of trigger or type of actions.
Warning
Each notification is visible only to the user who configured it AND in the community where it was created.
Create a new notification
Notifications only apply to the community and the application you are in. Once configured, these notifications will only be visible to the user who created them.
Operations Center Notifications
To write a new notification rule in the Operations Center, you first have to:
- Select an event and conditions that will trigger your notification rule. You can configure your notification rule to be triggered on alerts (that can be either new or already existing)
- Choose one or multiple conditions amongst multiple options (alert status, its urgency, asset concerned by the alert, etc.)
  For example, you can decide to trigger a notification when the following criteria are met:
  - Status of the new alert is Ongoing
  - Urgency of the new alert is higher than 80
  - Involved asset is My Critical Asset
- Select actions that you want to see performed. You can choose multiple options: get an in-app notification, receive an email, send texts using webhooks or in a Mattermost channel
- Give your notification a name
- Save your changes
Intelligence Center Notifications
You can configure your notification rule to be triggered when a new report is merged in SEKOIA.IO’s Intelligence Center.
To do so, you have to:
- Select an event and conditions that will trigger your notification rule. You can configure your notification rule to be triggered on reports being added
- Choose one or multiple conditions amongst multiple options (name, description, refers to, sector, country, TLP, FLINT, confidence level…)
  For example, you can decide to trigger a notification when the following criteria are met:
  - It refers to the malware Cobalt Strike
  - It concerns the country France
- Select actions that you want to see performed. You can choose multiple options: get an in-app notification, receive an email, send texts using webhooks or in a Mattermost channel
- Give your notification a name
- Save your changes