Applies To: FireCloud Internet Access
In WatchGuard Cloud, you can configure notification rules to generate alerts and send email notifications for AuthPoint events, such as denied push notifications and LDAP syncronization.
FireCloud
ThreatSync+ SaaS Notification Types
For each
Gateway AntiVirus
Generates an alert for the specified Gateway AntiVirus threat levels. You can set an alert for when a virus is detected, when a scan error occurs, when content exceeds the scan limit size, and when content is encrypted.
APT Blocker
Generates an alert for the specified APT Blocker threat levels.
Intrusion Prevention Service
Generates an alert for the specified Intrusion Prevention Service threat levels.
Zero-day Malware
Generates an alert for the specified Zero-day Malware threat levels.
FireCloud Exceptions
Generates an alert when an exception applies to user traffic.
FireCloud WebBlocker
Generates an alert when WebBlocker blocks a connection.
SaaS Policy Alert
Generates an alert when ThreatSync+ SaaS generates a new policy alert for your account.
Heartbeat Detected
Generates an alert when ThreatSync+ SaaS detects a heartbeat from your SaaS integration. SaaS collectors communicate with Microsoft 365 every 30 minutes to confirm that the integration is working properly.
Heartbeat Not Detected
Generates an alert when ThreatSync+ SaaS does not detect a heartbeat from your SaaS integration for 120 minutes.
Add a Notification Rule for FireCloud ThreatSync+ SaaS
Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Configure Notification Rules permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.
To add a new notification rule for
- Select Administration > Notifications.
- Select the Rules tab.
- Click Add Rule.
- On the Add Rule page, in the Name text box, type a name for your rule to help you identify it.
- From the Notification Source drop-down list, select
- From the Notification Type drop-down list, select the action or event that causes this rule to generate an alert.
- (Optional) Type a description for your rule.
-
Select which threat levels to generate an alert for.
The scan limit for Gateway AntiVirus is 10 MB. If you configure a rule to generate alerts when content exceeds the scan limit size, FireCloud might generate a high number of alerts.
- From the Delivery Method drop-down list, select one of these options:
- None — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud.
- Email — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud and sends a notification email to the specified recipients.
- If you select Email for the delivery method:
- From the Frequency drop-down list, configure how many email messages the rule can send per day:
- To send an email message for each alert the rule generates, select Send All Alerts.
- To restrict how many email messages the rule sends each day, select Send At Most. In the Alerts Per Day text box, type the maximum number of email messages this rule can send each day. You can specify a value up to 20,000 alerts per day.
- In the Subject text box, type the subject line for the email message this rule sends when it generates an alert. You can type a maximum of 78 characters.
- In the Recipients text box, type the email address for each person you want to receive an email message when this rule generates an alert. You can type multiple email addresses. Press Enter after each email address or separate the email addresses with a space, comma, or semicolon.
- From the Frequency drop-down list, configure how many email messages the rule can send per day:
- Click Add Rule.
To delete a notification rule, click
next to the rule you want to delete.
For more information on how to manage alerts, go to Manage WatchGuard Cloud Alerts.