Configure ThreatSync Notification Rules

Applies To: ThreatSync

In WatchGuard Cloud, you can configure notification rules to generate alerts and send email notifications for ThreatSync activity. Notification rules make it easier for you to respond to emerging threats on your network and endpoints, and provide awareness of incident changes and remediated threats.

Delivery Methods

For each rule, you can select one of these delivery methods:

  • None — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud.
  • Email — The rule generates an alert that appears on the Alerts page in WatchGuard Cloud and also sends a notification email to the specified recipients.

Add a ThreatSync Notification Rule

To add a new ThreatSync notification rule:

  1. Select Administration > Notifications.
  2. Select the Rules tab.
  3. Click Add Rule.
    The Add Rule page opens.

  4. On the Add Rule page, in the Name text box, enter a name for your rule.
  5. From the Notification Source drop-down list, select ThreatSync.
  6. From the Notification Type drop-down list, select one of these ThreatSync notification types:
    • New Incident — Generates an alert for new incidents that meet the specified conditions.
    • Action Performed — Generates an alert for actions performed that meet the specified conditions.
    • Incident Archived — Generates an alert when an incident is archived that meets the specified conditions.
  7. (Optional) Type a Description for your rule.
  8. Select the conditions that must be met to generate an alert:
    • Risk From/Risk To — Select a range of risk scores from 1 to 10.
    • Incident Type — Select one or more incident types.
    • Device Type — Select one or more device types.
    • Action — Select one or more actions performed (Action Performed notification type only).
  9. To send an email message when the rule generates an alert:
    1. From the Delivery Method drop-down list, select Email.
    2. From the Frequency drop-down list, configure how many emails the rule can send each day:
      • To send an email for each alert the rule generates, select Send All Alerts.
      • To restrict how many email messages the rule sends each day, select Send At Most. In the Alerts Per Day text box, enter the maximum number of email messages this rule can send each day. You can specify a value of up to 20,000 alerts per day.
    3. In the Subject text box, enter the subject line for the email message this rule sends when it generates an alert.
    4. In the Recipients section, enter one or more email addresses. Press Enter after each email address, or separate the email addresses with a space, comma, or semicolon.
  10. Click Add Rule.

To delete a notification rule, click the Delete icon next to the rule you want to delete.

To manage ThreatSync alerts, go to Manage WatchGuard Cloud Alerts.
