Alerts
Alerts enable users to be notified of new items corresponding to personalized search criteria. For example, it is possible to receive an alert for new vulnerabilities present on assets.
Alerts work by checking the items concerned by the associated search. If there are any elements relevant to the search, the alert will send the 500 first items found.
Alerts are based on a location corresponding to the type of data that they will send when something new occurs. Available locations are:
| Location | Variables available in integration |
|---|---|
| Inventory | assets |
| Vulnerability encyclopedia | cves |
| Corrective actions | technologies, assets, cves |
| Encyclopedia of security issues | security_issues |
| Encyclopedia of compliance rules | compliance_rules |
| Discovered assets | hosts |
Alerts use integrations to send the new items concerned. It should be noted that the data chosen in the request body of an integration is strongly linked to the location of an alert. For example, an alert on the vulnerability encyclopedia will not be able to fill in the data for assets in an integration. For more information on integrations, see Integrations.
Alerts are automatically executed daily, weekly or monthly at 7 a.m. (UTC).
Users can create their own alerts.
When a user is created, Cyberwatch automatically creates a standard alert for them, indicating new vulnerabilities present on assets and published in the CISA KEV or CERT-FR ALE catalogs. This standard alert is sent via an SMTP integration.
Create an alert
An alert can be created directly from the inventory or an encyclopedia (Vulnerabilities, Corrective Actions, Security Defects, Compliance Rules) by using the current search using the Bulk edit button then Create Alert, or from the Settings > Planned alerts menu by clicking on the “Add” button.
Alerts are automatically executed in the background when created.
Manage alerts
Alert scheduling can be viewed and edited from the Settings > Planned alerts menu. From this menu, it is possible to:
- deactivate an alert, useful to avoid having to delete an alert that is temporarily not needed;
- manually execute an alert, allowing to restart it immediately, without having to wait for the next automatic execution;
- reset previous alert results, allowing to empty the results already discovered by the alert, so as to be able to receive the results again;
- edit an alert;
- delete an alert.