Notifications: Overview

Summary: A high-level overview of the Notifications feature and how Automation can assist users in prioritization and remediation.

What are Notifications?

Notifications provide users an alert that guides them to a page showing the related information for the subscribed event. Users can customize the desired level of notifications that are important to them. The Ivanti Neurons platform is processing new data inputs daily, which may include new vulnerability scans, newly published vulnerabilities, and increases to the VRR or severity scoring of existing vulnerabilities as new threats are published. The new Notifications feature will enable the users to have more acute awareness so that they can easily maintain a robust vulnerability management program.

What are Delivery Channels?

Delivery channels enable users to configure notifications to be sent to an Email, MS Teams, and Slack. Users can create and configure these delivery channels to receive messages from the platform. Channels can be enabled, disabled, or deleted on the Configured Delivery Channels section of the Notifications Preferences page. Delivery Channels can also be made global to be utilized by other users in the platform.

What kind of notifications are available?

  • Subscribe to Findings Notifications

    • New Open Critical Findings (VRR): Findings that are critical have Critical VRR due to ingestion, reopening, or new threat information.

    • New Open Critical Findings (Severity): Findings that are critical have Critical Severity due to ingestion, reopening, or scoring source adjustments.

    • New Open High Findings (VRR): Findings that have High VRR due to ingestion, reopening, or new threat information.

    • New Open High Findings (Severity): Findings that have High Severity due to ingestion, reopening, or scoring source adjustments.

    • New Open Medium Findings (VRR): Findings that have Medium VRR due to ingestion, reopening, or new threat information.

    • New Open Medium Findings (Severity): Findings that have Medium Severity due to ingestion, reopening, or new threat information.

    • New Open Low Findings (VRR): Findings that have Low VRR due to ingestion, reopening, or new threat information.

    • New Open Low Findings (Severity): Findings that have Low Severity due to ingestion, reopening, or new threat information.

    • New Open Ransomware Findings: New ransomware published or ransomware updated with new CVE associations that affect the client. New scans with ransomware. Closed finding resurfaces with ransomware.

  • Subscribe to Group Notifications

    • Change in RS³: Group RS³ is increased or decreased by a specified threshold due to data ingestion, asset moves, workflow expiration, etc.

  • Subscribe to Integration Notifications

    • Integration Status Update: Integration operation successfully completed. Integration operation failed.

  • Subscribe to Vulnerability Notifications

    • New Ransomware Vulnerability: New ransomware vulnerability published.

    • Vendor Subscription: New vulnerability associated with a specific vendor.

  • Subscribe to Workflow Notifications
    • Workflow Expiration: Workflow expiring in the near future, or the workflow has recently expired.
    • Approved Workflow Expiration: Approved Workflow expiring in the near future, or the workflow has recently expired.
    • Workflow Automation Disabled: Automated workflow stops adding findings that match its filters.
  • Subscribe to API Token Notifications
    • API Token Expiration: Upcoming or recent expiration of a user API token.

When are Notifications sent?

Notifications can be configured for delivery on event, daily, weekly, or monthly. The default settings are to send the notification immediately when the event is triggered. The On Event option will ensure that the user received the notification as soon as Ivanti Neurons is aware of the event in the platform. Additionally, users may configure the periodicity of the notification to a daily, weekly, or monthly rollup. These rollup notifications indicate all the events triggered during that period if any occurred. Rollup notifications begin processing at midnight UTC daily and continue throughout the day until all rollup notifications have been sent to the client. Weekly notifications will process each Sunday at that same time, and monthly on the first day of the month.

Who can use Notifications?

The ability to view Notification information is available to users with the Core Read IAM privilege. The ability to modify Notifications is housed in the following IAM privileges:

  • Delivery Channel Control: Make global, enable, and disable channels owned by others. Edit global delivery channels.

  • Delivery Channel Modify: Create, edit, delete, and disable their own delivery channels.

  • Notification Modify: Create and modify notifications and subscribe/unsubscribe to/from notifications.

These privileges are provided in the Administrator and Data Manager Foundational Roles, Notification Owner Supplemental Role, and Delivery Channel Owner Supplemental Role. They can also be added to a custom IAM role.

How do I start receiving notifications?

Click the Subscribe button on the corresponding notification. Clicking this button automatically creates a notification subscription for “On Event” periodicity and “In-Platform” delivery.

Notifications - Subscribe Location

A user can configure the notifications in more detail by clicking on the blue highlighted text of the Notification title or the number of configured active notices.

Notifications - Select Delivery Channel

From the Notifications Configurations page, the user can click the three-dot menu on the configuration card to Edit the available options. In the edit wizard, users are presented with the configuration choices of the notification including delivery options of when to deliver and to which delivery channel. Users can choose to change the default Deliver When from On Event to a Daily, Weekly, or Monthly rollup. The Deliver To option is set to deliver notifications to In Platform Only by default, and will automatically include the user’s Ivanti Neurons Email as a delivery channel option. Additionally, users may configure delivery channels of their own or use global channels that have been made available by client administrators.

Users may want to configure the same type of notification for multiple delivery channels, periodicities, or configurations. Users can use the New Configuration button to add another notification configuration to the list.

How do I create a delivery channel?

Click Add a Delivery Channel.

Notifications - Add a Delivery Channel Location

Enter a descriptive channel name in the Email Name field and a valid email in the Email field and click Verify Email.

Notifications - Add Delivery Channel

Verify by entering the code that was received via email.

Notifications - Verification Code