Create a notification rule if you want to receive a notification when new detections become active on your ExtraHop system.
When a detection type status in the detection catalog is set to Active, a notification is sent with information about the detection including the detection type and detection status. The notification will also include the dates that the detection was released and last updated if those dates are available.
Before you begin
- Users must be granted NDR or NPM module access and have full-write privileges or higher to complete the tasks in this guide.
- The ExtraHop system must be connected to ExtraHop Cloud Services to send notifications through email.
- Email notifications are sent from email@example.com. Make sure to add this address to your list of allowed senders.
- Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
- Click the System Settings icon and then click Notification Rules.
- Click Create.
- Type a unique name for the notification rule in the Name field.
- In the Description field, add information about the notification rule.
In the Event Type section, select one of the following options:
- For NDR detection catalog updates, select Security Detection Catalog (requires NDR module access).
- For NPM detection catalog updates, select Performance Detection Catalog (requires NPM module access).
- Specify individual email addresses, separated by a comma.
- In the Options section, click the Enable notification rule checkbox to enable the notification.
- Click Save.