Configure ThreatSync+ NDR Alerts and Notification Rules

Applies To: ThreatSync+ NDR

This feature is only available to participants in the ThreatSync+ NDR Beta program.

You can configure WatchGuard Cloud to send email notifications when ThreatSync+ NDR detects a threat or vulnerability. To set up email notifications, you specify which policy alerts and Smart Alerts generate a notification when they are created or updated.

Configure Alerts in ThreatSync+ NDR

On the Alerts page, you can specify which policies and Smart Alert types are included in the notification rules you configure to generate alerts and send email notifications from WatchGuard Cloud.

To configure ThreatSync+ NDR Alerts, from WatchGuard Cloud:

  1. Select Configure > ThreatSync+ NDR > Alerts.
    The Alerts page opens.

Screenshot of the Alerts page in the Configure menu in ThreatSync+ NDR

  1. In the Policies section, select the check boxes next to the policies that you want to include in your alerts.
  2. In the Smart Alerts section, for each Smart Alert type that you want to include in your alerts, select one or both of the Created and Updated check boxes.

Configure Notification Rules in WatchGuard Cloud

In WatchGuard Cloud, you can configure notification rules to generate alerts and send email notifications for ThreatSync+ NDR activity. Notification rules make it easier for you to respond to emerging threats on your network.

Delivery Methods

For each notification rule, you can select one of these delivery methods:

  • None — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud.
  • Email — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud and also sends a notification email to the specified recipients.

Add a ThreatSync+ NDR Notification Rule

To add a new ThreatSync+ NDR notification rule:

  1. Select Administration > Notifications.
  2. Select the Rules tab.
  3. Click Add Rule.
    The Add Rule page opens.

Screen shot of the Add Rule page in WatchGuard Cloud

  1. On the Add Rule page, in the Name text box, enter a name for your rule.
  2. From the Notification Source drop-down list, select ThreatSync+ NDR.
  3. From the Notification Type drop-down list, select one of these ThreatSync+ NDR notification types:
    • Policy Alert — Generates an alert when a new policy alert is generated for your account.
    • Smart Alert Created — Generates an alert when a smart alert is created.
    • Smart Alert Updated — Generates an alert when a smart alert is updated.
  4. (Optional) Type a Description for your rule.
  5. To send an email message when the rule generates an alert:
    1. From the Delivery Method drop-down list, select Email.

      Screen shot of the Delivery Method section on the Add Rule page in WatchGuard Cloud

    2. From the Frequency drop-down list, configure how many emails the rule can send each day:
      • To send an email for each alert the rule generates, select Send All Alerts.
      • To restrict how many email messages the rule sends each day, select Send At Most. In the Alerts Per Day text box, enter the maximum number of email messages this rule can send each day. You can specify a value of up to 20,000 alerts per day.
    3. In the Subject text box, enter the subject line for the email message this rule sends when it generates an alert.
    4. In the Recipients section, enter one or more email addresses. Press Enter after each email address, or separate the email addresses with a space, comma, or semicolon.
  6. Click Add Rule.

To delete a notification rule, click Screen shot of the Delete icon next to the rule you want to delete.

Related Topics

Manage WatchGuard Cloud Alerts

See Audit Logs

Configure ThreatSync+ NDR