A high-level overview of the Notifications feature and how Automation can assist users in prioritization and remediation.
This article describes a feature currently under development. If you would like to test this feature before its official release, please contact Customer Success.
What are Notifications?
Notifications provide users with an alert that guides them to a page showing the related information for the subscribed event. Users can customize the level of notifications that are important to them. The RiskSense platform processes new data inputs daily, which may include new vulnerability scans, newly published vulnerabilities, and increases to the VRR or severity scoring of existing vulnerabilities as new threats are published. The new Notifications feature gives users more timely awareness so that they can more easily maintain a robust vulnerability management program.
What are Delivery Channels?
Delivery channels enable users to configure notifications to be sent to email, MS Teams, Slack, Cyware, PagerDuty, or a custom webhook. Users can create and configure these delivery channels to receive messages from the platform. Channels can be enabled, disabled, or deleted in the Configured Delivery Channels section of the Notifications Preferences page. Delivery channels can also be made global so that other users in the platform can use them.
What kind of notifications are available?
- Subscribe to Findings Notifications
  - New Open Critical Findings (VRR): Findings that are critical VRR due to ingestion, reopening, or new threat information.
  - New Open Critical Findings (Severity): Findings that are critical Severity due to ingestion, reopening, or scoring source adjustments.
  - New Open High Findings (VRR): Findings that are high VRR due to ingestion, reopening, or new threat information.
  - New Open High Findings (Severity): Findings that are high Severity due to ingestion, reopening, or scoring source adjustments.
  - New Open Ransomware Findings: New ransomware published or ransomware updated with new CVE associations that affect the client. New scans with ransomware. Closed finding resurfaces with ransomware.
- Subscribe to Group Notifications
  - Change in RS³: Group RS³ is increased or decreased by a specified threshold due to data ingestion, asset moves, workflow expiration, etc.
- Subscribe to Integration Notifications
  - Integration Status Update: Integration operation successfully completed. Integration operation failed.
- Subscribe to Vulnerability Notifications
  - New Ransomware Vulnerability: New ransomware vulnerability published.
  - Vendor Subscription: New vulnerability associated with a specific vendor.
Who can use Notifications?
The ability to view Notification information is available to users with the Core Read IAM privilege. The ability to modify Notifications is granted by the following IAM privileges:
- Delivery Channel Control: Make global, enable, and disable channels owned by others. Edit global delivery channels.
- Delivery Channel Modify: Create, edit, delete, and disable their own delivery channels.
- Notification Modify: Create and modify notifications, and subscribe to or unsubscribe from notifications.
These privileges are provided in the Administrator and Data Manager Foundational Roles, Notification Owner Supplemental Role, and Delivery Channel Owner Supplemental Role. They can also be added to a custom IAM role.
How do I start receiving notifications?
Click the Subscribe button on the corresponding notification.
Select the desired delivery channel.
How do I create a delivery channel?
Click Add a Delivery Channel.
Enter a descriptive channel name in the Email Name field and a valid email address in the Email field, then click Verify Email.
Verify by entering the code that was received via email.