Notifications
Users can access the notifications page from the header by clicking the notifications icon, which will display unread notifications, providing a quick overview of alerts that require attention. Clicking the See all notifications link redirects users to the notifications page, where they can view all notifications.
A table on the notifications page displays all notifications, organized into three columns: Type, Time, and Notification. The Type column indicates the type of notification. The Time column displays the timestamp of the notification, indicating when the event occurred. The Notification column provides a brief description of the event, such as a classification change from unknown to malicious.
Filtering options are available to help users quickly find relevant information. Notifications can be filtered by period, allowing users to view alerts from the last hour, day, week, month, or all time. Users can also filter by read status, distinguishing between read and unread notifications, or filter by classification change, narrowing the results to classification changes where a sample was marked as unknown, malicious, suspicious, or goodware.
Clicking on the hash value within the alert redirects users to the Dashboard > Analytics > Detections Overview table, providing additional context and information about the sample.
The Mark All as Read button allows users to clear unread notifications by marking them as read. This can be used to quickly clear the notification list and focus on new alerts as they arrive.
Filter by Period
The filter by period option allows users to view notifications from the last hour, day, week, month, or all time. This can be used to quickly identify recent alerts and track changes in the classification status.
Filter by Read Status
The filter by read status option allows users to distinguish between read and unread notifications. This can be used to quickly identify new alerts that require attention or to review previously read notifications for additional context.
Filter by Classification Change
The filter by classification change option allows users to narrow results to classification changes where a sample was marked as unknown, malicious, suspicious, or goodware. This can be used to track changes in classification status and identify samples that have been updated or reclassified.
Notification Settings
The notification settings page allows users to configure and manage custom notification rules for tracking classification changes. The page provides an overview of existing notifications, displaying their Name, Type, associated Alert type, Description, and Action. Users can navigate through the list using pagination controls and adjust the number of rows displayed per page. If no notifications are configured, the table remains empty.
A button labeled Add Notification in the upper-right corner allows users to create new notification rules.
Adding a Notification
To add a new notification, users must first specify a name and description and select a notification type. When choosing classification changes, users can define the conditions by selecting the original classification (classification changes from) and the new classification (classification changes to) that will be used to trigger the notifications.
Users can also choose the delivery method, including E-mail, Splunk, or Syslog, to ensure alerts are sent through the appropriate channels.
- E-mail delivery method requires users to enter the recipients' email addresses and select the desired notification frequency.
- Splunk delivery method requires users to enter the Splunk protocol (http or https), host, port, and token.
- Syslog delivery method requires users to enter the Syslog server, port, protocol (UDP or TCP), tag, and priority level.
Manage Profiles
The Profile section allows users to manage their personal information and credentials. It includes fields for First Name, Last Name, and Email Address. Users can update their password by entering a new password, repeating the new password, and providing their current password for verification. These options ensure users can securely manage their account settings within the notification system.