Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Under the Event Set, click on +Add to add the Alert Rule.

...

  • Here a set of Events is to be set to get notified for. Those events are categorized as Agent, Company, Asset, Ports, Remediation, Vulnerability, AzureerrorAzure error, and AD Audit. Every category will have certain events which can be set.

  • Enter the Event Name and select the category and an Event/s as required.

...

  • Every Category has a set of events/alerts under them which can be selected as per the requirement.

...

  • The Agent & Company category has the below-listed alerts and selection of all or any is allowed.

...

  • e.g. Asset category has below-listed alerts and selection of all or any is allowed.

...

  • For the The Ports category , has the below-listed alerts, and the selection of all or anyone is allowed.

...

  • The Remediation category has the Remediation categoryGroup, selection of Remediation by Company OR Remediation by Assets OR Remediation by Product OR Remediation by Product(grouped by a fix), Remediation by Asset and Product is allowed, and Enable Remediation for Critical and High Severity(Select any one of them).

  • For the Remediation Filters, Enable Tickets for Critical High severity Remediations, Enable Tickets for Remediations with EPSS greater than 0.95, Enable Tickets for Remediations with EPSS greater than 0.90, Enable Tickets for Remediations with EPSS greater than 0.85, Enable Tickets for Remediations with EPSS greater than 0.50

...

...

  • For the Vulnerability & Azure error category, the below-listed alert, and selection is allowed.

...

  • For the AD Audit category below-listed alerts are available and selection of all or any is allowed. (Make sure to select the needed as it will create tickets based on the events)

...

  • Once the above details are selected, click on Save.

...

  • There is an option to Edit, Delete and set as default for the Alert Rules using the Action column. The listed Alert Rule can be edited and deleted if needed.

...

  • For setting the created Event as default, select the option Set as Default.

...

  • To confirm the Set as a default action, select Yes or No in the confirmation dialogue box.

...

  • Every Category has a set of events/alerts under them which can be selected as per the requirement.

...

  • e.g. Asset category has below-listed alerts and selection of all or any is allowed.

...

  • For the Ports category, has the below-listed alerts, and the selection of all or anyone is allowed.

...

  • For the Remediation category, selection of Remediation by Company OR Remediation by Assets OR Remediation by Product is allowed. (Select any one of them)

...

...

  • For the Azure AD Audit & Unquoted service path category, the below-listed alert, and selection is allowed.

...

  • For the AD Audit categoryReports, the below-listed alerts are available and selection of all or any is allowed. (Make sure to select the needed as it will create tickets based on the events)

...

  • and selections are allowed.

...

  • Once the above details are selected, click on Save.

...

  • There is an option to Edit, Delete and set as default, for the Alert Rules using the Action column. The listed Alert Rule can be edited and deleted if needed.

...

  • Once the event is set to default, under the Is Default column, the status Yes can be seen.

...

  • There is an option to Edit, Delete, and Set as default under the Integration Rules using the Action column. The listed Integration Rule can be edited and deleted if needed.

...

  • Selected companies are shown in the image below, along with details such as Existing Company Name, Company Name, Event Set, Integration Profile, Pause Ticket Creation, Mapped Date, and Enable Configuration status.

  • Here click on Copy Settings toCopy the company mapping settings to other company mappings.

...

  • To copy the settings, select the desired company mappings and click on Update. This will copy the event set, integration profile, and ticket creation fields from the source company mapping to the selected target company mappings.

...

  • Using the Action column can edit or delete the integration mapping. Any mapping can be edited or deleted, whenever necessary.

...

This completes the documentation of WebHook Integration.