Configure ThreatSync+ NDR Alerts and Notification Rules
Applies To: ThreatSync+ NDR
This feature is only available to participants in the ThreatSync+ NDR Beta program.
You can configure WatchGuard Cloud to send email notifications when ThreatSync+ NDR detects a threat or vulnerability. To set up email notifications, you specify which policy alerts and Smart Alerts generate a notification when they are created or updated.
Configure Alerts in ThreatSync+ NDR
On the Alerts page, you can specify which policies and Smart Alert types are included in the notification rules you configure to generate alerts and send email notifications from WatchGuard Cloud.
To configure ThreatSync+ NDR Alerts, from WatchGuard Cloud:
- Select Configure > ThreatSync+ NDR > Alerts.
The Alerts page opens.
- In the Policies section, select the check boxes next to the policies that you want to include in your alerts.
- In the Smart Alerts section, for each Smart Alert type that you want to include in your alerts, select one or both of the Created and Updated check boxes.
Configure Notification Rules in WatchGuard Cloud
In WatchGuard Cloud, you can configure notification rules to generate alerts and send email notifications for ThreatSync+ NDR activity. Notification rules make it easier for you to respond to emerging threats on your network.
Delivery Methods
For each notification rule, you can select one of these delivery methods:
- None — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud.
- Email — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud and also sends a notification email to the specified recipients.
Add a ThreatSync+ NDR Notification Rule
To add a new ThreatSync+ NDR notification rule:
- Select Administration > Notifications.
- Select the Rules tab.
- Click Add Rule.
The Add Rule page opens.
- On the Add Rule page, in the Name text box, enter a name for your rule.
- From the Notification Source drop-down list, select ThreatSync+ NDR.
- From the Notification Type drop-down list, select one of these ThreatSync+ NDR notification types:
- Policy Alert — Generates an alert when a new policy alert is generated for your account.
- Smart Alert Created — Generates an alert when a smart alert is created.
- Smart Alert Updated — Generates an alert when a smart alert is updated.
- (Optional) Type a Description for your rule.
- To send an email message when the rule generates an alert:
- From the Delivery Method drop-down list, select Email.
- From the Frequency drop-down list, configure how many emails the rule can send each day:
- To send an email for each alert the rule generates, select Send All Alerts.
- To restrict how many email messages the rule sends each day, select Send At Most. In the Alerts Per Day text box, enter the maximum number of email messages this rule can send each day. You can specify a value of up to 20,000 alerts per day.
- In the Subject text box, enter the subject line for the email message this rule sends when it generates an alert.
- In the Recipients section, enter one or more email addresses. Press Enter after each email address, or separate the email addresses with a space, comma, or semicolon.
- Click Add Rule.
To delete a notification rule, click next to the rule you want to delete.