In WatchGuard Cloud, you can configure notification rules that enable WatchGuard Cloud to generate alerts and send email notifications. Notification rules determine which events generate alerts. When WatchGuard Cloud generates an alert, the alert appears on the Alerts page as an active alert until you acknowledge it.
On the Rules page, you can see all rules created for your account. By default, several predefined rules exist. You can edit the default rules to change the name, description, and delivery method. There are some default rules you cannot delete.
You can configure additional notification rules to generate alerts for specific events in WatchGuard Cloud and AuthPoint, or for alarms received from a connected Firebox or access point.
You can configure notification rules for events from these sources:
- WatchGuard Cloud — Generate alerts based on events in your WatchGuard Cloud account, such as account delegation, inventory allocation, and operator account updates.
- AuthPoint — Generate alerts based on AuthPoint events, such as denied push notification, and LDAP syncronization.
- Devices — Generate alerts based on changes to device status in WatchGuard Cloud, and alarms received from a Firebox or access point.
To generate alerts and email notification for Firebox events and alarms you must add a notification rule in WatchGuard Cloud, and also configure notification settings on the Firebox. For more information, see Configure Notification Rules for Firebox Events.
- ThreatSync — Generate alerts based on changes to incidents in ThreatSync, such as new incidents, actions performed, or if an incident is archived. For more information, see Configure ThreatSync Notification Rules.
When you select the notification source in a rule, the available notification types for that source appear in the rule settings.
For each rule, you can select one of these delivery methods:
- None — The rule generates an alert that appears on the Alerts page.
- Email — The rule generates an alert that appears on the Alerts page and also sends a notification email to the specified recipients.
Add a Notification Rule
To add a new rule:
- Select Administration > Notifications.
- Select the Rules tab.
- Click Add Rule.
- On the Add Rule page, in the Name text box, type a name for your rule to help you identify it.
- From the Notification Source drop-down list, select the service or platform that generates the alert.
This is where the alert comes from.
- From the Notification Type drop-down list, select the action or event that causes this rule to generate an alert.
The options available in this drop-down list change based on your selection from the Notification Source drop-down list.
- (Optional) Type a description for your rule.
- If you want the rule to send an email message when it generates an alert:
- From the Delivery Method drop-down list, select Email
- From the Frequency drop-down list, configure how many emails the rule can send per day:
- To send an email for each alert the rule generates, select Send All Alerts.
- To restrict how many email messages the rule sends each day, select Send At Most. In the Alerts Per Day text box, type the maximum number of email messages this rule can send each day. You can set specify a value of up to 20,000 alerts per day.
- In the Subject text box, type the subject line for the email message this rule sends when it generates an alert. You can type a maximum of 78 characters.
- In the Recipients text box, type the email address for each person you want to receive an email message when this rule generates an alert. You can type multiple email addresses. Press Enter after each email address or separate the email addresses with a space, comma, or semicolon.
- Click Add Rule.