Notifications: Overview

Summary: A high-level overview of the Notifications feature and how Automation can assist users in prioritization and remediation.

What are Notifications?

Notifications provide users an alert that guides them to a page showing the related information for the subscribed event. Users can customize the desired level of notifications that are important to them. The Ivanti Neurons RBVM/ASOC/VULN KB platform is processing new data inputs daily, which may include new vulnerability scans, newly published vulnerabilities, and increases to the VRR or severity scoring of existing vulnerabilities as new threats are published. The new Notifications feature will enable the users to have more urgent awareness so that they are easily able to maintain a robust vulnerability management program.

What are Delivery Channels?

Delivery channels enable users to configure notifications to be sent to an Email, MS Teams, Slack, Cyware, Pager Duty, or a custom web hook. Users can create and configure these delivery channels to receive messages from the platform. Channels can be enabled, disabled, or deleted on the Configured Delivery Channels section of the Notifications Preferences page. Delivery Channels can also be made global to be utilized by other users in the platform.

What kind of notifications are available?

  • Subscribe to Findings Notifications

    • New Open Critical Findings (VRR): Findings that are critical have Critical VRR due to ingestion, reopening, or new threat information.

    • New Open Critical Findings (Severity): Findings that are critical have Critical Severity due to ingestion, reopening, or scoring source adjustments.

    • New Open High Findings (VRR): Findings that have High VRR due to ingestion, reopening, or new threat information.

    • New Open High Findings (Severity): Findings that have High Severity due to ingestion, reopening, or scoring source adjustments.

    • New Open Medium Findings (VRR): Findings that have Medium VRR due to ingestion, reopening, or new threat information.

    • New Open Medium Findings (Severity): Findings that have Medium Severity due to ingestion, reopening, or new threat information.

    • New Open Low Findings (VRR): Findings that have Low VRR due to ingestion, reopening, or new threat information.

    • New Open Low Findings (Severity): Findings that have Low Severity due to ingestion, reopening, or new threat information.

    • New Open Ransomware Findings: New ransomware published or ransomware updated with new CVE associations that affect the client. New scans with ransomware. Closed finding resurfaces with ransomware.

  • Subscribe to Group Notifications

    • Change in RS³: Group RS³ is increased or decreased by a specified threshold due to data ingestion, asset moves, workflow expiration, etc.

  • Subscribe to Integration Notifications

    • Integration Status Update: Integration operation successfully completed. Integration operation failed.

  • Subscribe to Vulnerability Notifications

    • New Ransomware Vulnerability: New ransomware vulnerability published.

    • Vendor Subscription: New vulnerability associated with a specific vendor.

Who can use Notifications?

The ability to view Notification information is available to users with the Core Read IAM privilege. The ability to modify Notifications is housed in the following IAM privileges:

  • Delivery Channel Control: Make global, enable, and disable channels owned by others. Edit global delivery channels.

  • Delivery Channel Modify: Create, edit, delete, and disable their own delivery channels.

  • Notification Modify: Create and modify notifications and subscribe/unsubscribe to/from notifications.

These privileges are provided in the Administrator and Data Manager Foundational Roles, Notification Owner Supplemental Role, and Delivery Channel Owner Supplemental Role. They can also be added to a custom IAM role.

How do I start receiving notifications?

Click the Subscribe button on the corresponding notification.

Notifications - Subscribe Location

Select the desired delivery channel.

Notifications - Select Delivery Channel

How do I create a delivery channel?

Click Add a Delivery Channel.

Notifications - Add a Delivery Channel Location

Enter a descriptive channel name in the Email Name field and a valid email in the Email field and click Verify Email.

Notifications - Add Delivery Channel

Verify by entering the code that was received via email.

Notifications - Verification Code