The Notifications page, listed under Manage in the Alert Logic console, offers a consolidated view of your notifications. The list includes all notifications created in your account. You can create, view, and manage notifications of all types from this page.
The main panel on the right summarizes your notifications and organizes them in these tabs:
- Alert Notifications—Lists alert-based notifications such as incidents and log correlation observations. You can create a notification, and you can filter and search the list.
- Schedules—Lists notifications for scheduled activities, such as scheduled reports. You can create a schedule, and you can filter and search the list.
Create any type of notification
One way to create a notification of any type is directly from the Notifications page. You can create notifications from other pages according to notification type:
- For incidents, you can also create a notification from the Incidents page. For more information, see Incident Notifications.
- For observations, you can also create a notification from the Search page (Log Search tab or Correlations tab) during the process of creating the correlation or by editing an existing correlation listed on the Correlations tab. For more information, see Correlations and Notifications and Observation Notifications.
- For health exposures, you can also create a notification from the Health page. For more information, see Health.
- For scheduled reports, you can also schedule the report and subscribe notification recipients from the Reports page. For more information, see Scheduled Reports and Notifications.
- For scheduled File Integrity Monitoring (FIM) searches, you can schedule a search and subscribe notification recipients from the Notifications page. For more information, see File Integrity Monitoring Search Notification.
From the Alert Notifications tab on the Notifications page, you can click the add icon to create these types of notifications:
- Observation—Select this type to create a notification for observations generated by a log correlation rule. An observation means that Alert Logic observed an occurrence of your log correlation. For more information about setting up the notification, see Start creating a correlation. The Observation option redirects you from the Notifications page to the Correlations tab on the Search page. From there you can add the notification to an existing correlation or create the correlation for which you want to be notified.
- Incident—Select this type to create a notification for incidents that meet specific criteria, such as threat level. For more information about setting up the notification, see Create an incident notification.
- Health—Select this type to create a notification for health exposures that meet specific criteria, such as a collection asset going offline. For more information about setting up the notification, see Create a Health Notification.
From the Schedules tab on the Notifications page, you can click the add icon to create these types of schedules:
- Schedule Report—Select this type to schedule a report to run periodically. When the report is generated, Alert Logic sends a notification to subscribed recipients. For more information about setting up the scheduled report notification, see Create a report schedule and notification. The Schedule Report option redirects you from the Notifications page to the Reports page to set up the report you want to schedule.
- Schedule a FIM Search—Select this type to schedule a File Integrity Monitoring (FIM) search to run a weekly or monthly search of changes to your FIM setups. When the search is complete, Alert Logic sends a notification to subscribed recipients. For more information about setting up the scheduled search, see File Integrity Monitoring Search Notification.
The Notifications page displays all notifications for your accounts and the accounts you manage. When you display active or inactive notifications, you can apply additional filters to those notifications.
Filters vary according to the notification type. As you make selections, the list of available filters changes further.
Filters available for all notification types include:
- Subscribed User
- Subscribed Connector
If you select the Alert Notifications tab, these filters are also available:
- Threat Level
- Escalation Status
To filter the notifications list:
- In the left navigation, click the notification status of interest:
- Inactive (notification is saved but not turned on)
- Click any of the filters to further narrow the list. Available filters vary according to the notifications in your environment and filters you select.
- To search for a filter, type a filter value in search filters.
- To clear filters and start over, delete text typed in search filters (if applicable) or click CLEAR ALL FILTERS.
Alert Logic groups your alert notifications by type and sorts them by name within each grouping. Alert Logic sorts your schedules by name.
You can group and sort the notifications by other criteria. The options available vary according to the notification type and the filters applied.
To organize your notifications:
- To change the grouping, click Group by, and then click the option you want.
- To change the way the list of alert notifications is sorted within each grouping, click Sort by, and then click the option you want. Available options include Name, Create Time, and Updated Time.
You can use the search bar to filter the list to include only notifications that contain specific words in important fields, like the notification name.
In the notifications list, click the icon next to each notification that you want to delete. On the bottom of the page, click the DELETE icon.
If you want to delete all notifications currently listed, select the check box at the top of the list. On the bar that appears at the bottom of the page, click the DELETE icon.
You can edit a notification from the notifications list. For example, you can:
- Make the notification active or inactive
- Change notification filters
- Subscribe or unsubscribe users or a connector
- Change delivery options
To edit a notification:
- In the notifications list, click the icon next to the notification that you want to edit.
- On the bottom of the page, click the EDIT icon.
- In the Edit page, change any of the settings.
You can view the details about a specific notification. The detail view includes information such as:
- Date a notification that met the criteria was last sent
- Name of the user who created and last modified the notification, and the dates
- Notification criteria
- Subscribed users and/or a connector
- Delivery options
To view details about a notification:
In the Notifications page, click View next to the notification you want to see. When you are finished viewing notification details, click Hide.
To delete a notification:
In the Notifications page, to the right of the notification you want to delete, click View. Toward the bottom of the detail view, click the DELETE icon.
To edit a notification:
- In the Notifications page, to the right of the notification you want to edit, click View.
- Toward the bottom of the detail view, click the EDIT icon.
- In the editing page, change any of the settings.
View additional report schedule details
For a scheduled report notification, you can view the interactive report associated with the notification schedule. You can also view the list of reports previously generated by the schedule.
To view the interactive report related to a schedule:
In the Notifications page, to the right of the report schedule, click View. Toward the bottom of the detail view, click the INTERACTIVE REPORT icon.
The report from which the schedule was created opens with the report criteria selected.
To open a list of reports generated by a schedule:
In the Notifications page, to the right of the report schedule, click View. Toward the bottom of the detail view, click the PAST REPORTS icon.
The Downloads page opens with the list filtered to display the reports generated by the schedule.
View additional search schedule details
For scheduled searches, you can view the list of searches previously conducted by the schedule.
To open a list of FIM searches completed by a schedule:
In the Notifications page, to the right of the scheduled FIM search, click View. Toward the bottom of the detail view, click the PAST SEARCHES icon.
The Downloads page opens with the list filtered to display the searches conducted by the schedule.
The Notifications page lists all notifications created in your customer account.
For a managing (parent) account, the list includes notifications for:
- Managing account
- Managed (child) accounts, if the notification was created in the parent account
In a managed account, the notifications list:
- Includes only notifications created in that account
- Does not include notifications created in a managing account
- Does not include notifications created in another managed account
You can manage the notification settings of others—including subscribing other users or a connector—only if your user account has one of the following user roles:
- Power User
Users maintain the ability to modify any changes you make to their notifications.
Notifications belong to the customer account where they are created. If you manage other accounts and want to subscribe users in a managed account, you need to switch to the users' account.
You can set up a user account and designate it as "Notification Target Only," which means it exists only for email notifications. You can use this notification target to receive and store notifications for later review, or you can use a distribution list as the contact email so multiple people get the emails. For more information, see Create a user account as a notification target.