Configure ThreatSync+ NDR Alerts and Notification Rules
Applies To: ThreatSync+ NDR
You can configure WatchGuard Cloud to send email notifications when ThreatSync+ NDR detects a threat or vulnerability. To set up email notifications, you specify which policy alerts and Smart Alerts generate a notification when they are created or updated.
Configure Alerts in ThreatSync+ NDR
On the Alerts page, you can specify which policies and Smart Alert types are included in the notification rules you configure to generate alerts and send email notifications from WatchGuard Cloud.
To configure ThreatSync+ NDR Alerts, from WatchGuard Cloud:
- Select Configure > ThreatSync+ NDR > Alerts.
The Alerts page opens.
- In the Policies section, select the check boxes next to the policies that you want to include in your alerts.
- In the Smart Alerts section, for each Smart Alert type that you want to include in your alerts, select one or both of the Created and Updated check boxes.
Configure Notification Rules in WatchGuard Cloud
In WatchGuard Cloud, you can configure notification rules to generate alerts and send email notifications for ThreatSync+ NDR activity. Notification rules make it easier for you to respond to emerging threats on your network.
ThreatSync+ NDR Notification Types
For each
Policy Alert
Generates an alert when a new policy alert is generated for your account.
Smart Alert Created
Generates an alert when a smart alert is created.
Smart Alert Updated
Generates an alert when a smart alert is updated.
Add a Notification Rule for ThreatSync+ NDR
To add a new notification rule for
- Select Administration > Notifications.
- Select the Rules tab.
- Click Add Rule.
- On the Add Rule page, in the Name text box, type a name for your rule to help you identify it.
- From the Notification Source drop-down list, select ThreatSync+ NDR.
- From the Notification Type drop-down list, select the action or event that causes this rule to generate an alert.
- (Optional) Type a description for your rule.
- From the Delivery Method drop-down list, select one of these options:
- None — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud.
- Email — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud and sends a notification email to the specified recipients.
- If you select Email for the delivery method:
- From the Frequency drop-down list, configure how many email messages the rule can send per day:
- To send an email message for each alert the rule generates, select Send All Alerts.
- To restrict how many email messages the rule sends each day, select Send At Most. In the Alerts Per Day text box, type the maximum number of email messages this rule can send each day. You can specify a value up to 20,000 alerts per day.
- In the Subject text box, type the subject line for the email message this rule sends when it generates an alert. You can type a maximum of 78 characters.
- In the Recipients text box, type the email address for each person you want to receive an email message when this rule generates an alert. You can type multiple email addresses. Press Enter after each email address or separate the email addresses with a space, comma, or semicolon.
- From the Frequency drop-down list, configure how many email messages the rule can send per day:
- Click Add Rule.
To delete a notification rule, clicknext to the rule you want to delete.
For more information on how to manage alerts, go to Manage WatchGuard Cloud Alerts.