Manage Notifications
The Notifications page, listed under Manage in the Alert Logic console, offers a consolidated view of your notifications. The list includes all notifications created in your account. You can create, view, and manage notifications of all types from this page.
The main panel on the right summarizes your notifications and organizes them in these tabs:
- Alert Notifications—Lists alert-based notifications such as incidents and log correlation observations. You can create a notification, and you can filter and search the list.
- Schedules—Lists notifications for scheduled activities, such as scheduled reports. You can create a schedule, and you can filter and search the list.
Create any type of notification
One way to create a notification is directly from the Notifications page. You can create notifications from other pages according to notification type:
- For incidents, you can also create a notification from the Incidents page. For more information, see Incident Notifications.
- For observations, you can also create a notification from the Search page (Log Search tab or Correlations tab) during the process of creating the correlation or by editing an existing correlation listed on the Correlations tab. For more information, see Correlations and Notifications and Observation Notifications.
- For health exposures, you can also create a notification from the Health page. For more information, see Health Notifications.
- For scheduled reports, you can also schedule the report and subscribe notification recipients from the Reports page. For more information, see Scheduled Reports and Notifications.
Alert Notifications
From the Alert Notifications tab on the Notifications page, you can click the add icon to create these types of notifications:
- Observation—Select this type to create a notification for observations generated by a log correlation rule. An observation means that Alert Logic observed an occurrence of your log correlation. For more information about setting up the notification, see Start creating a correlation. The Observation option redirects you from the Notifications page to the Correlations tab on the Search page. From there you can add the notification to an existing correlation or create the correlation for which you want to be notified.
- Incident—Select this type to create a notification for incidents that meet specific criteria, such as threat level. For more information about setting up the notification, see Create an incident notification.
- Health—Select this type to create a notification for health exposures that meet specific criteria, such as a collection asset going offline. For more information about setting up the notification, see Create a Health Notification.
Schedules
From the Schedules tab on the Notifications page, you can click the add icon to create these types of schedules:
- Schedule Report—Select this type to schedule a report to run periodically. When the report is generated, Alert Logic sends a notification to subscribed recipients. For more information about setting up the scheduled report notification, see Create a report schedule and notification. The Schedule Report option redirects you from the Notifications page to the Reports page to set up the report you want to schedule.
- Schedule a FIM Search—Select this type to schedule a File Integrity Monitoring (FIM) search to run a weekly or monthly search of changes to your FIM setups. When the search is complete, Alert Logic sends a notification to subscribed recipients. For more information about setting up the scheduled search, see File Integrity Monitoring Search Notification.
Filter the notifications list
The Notifications page displays all notifications for your accounts and the accounts you manage. When you display active or inactive notifications, you can apply additional filters to those notifications.
Filters vary according to the notification type. As you make selections, the list of available filters changes further.
Filters available for all notification types include:
- Type
- Account
- Subscribed User
- Subscribed Templated Connection
If you select the Alert Notifications tab, these filters are also available:
- Threat Level
- Escalation Status
To filter the notifications list:
- In the left navigation, click the notification status of interest:
  - Active
  - Inactive (notification is saved but not turned on)
- Click any of the filters to further narrow the list. Available filters vary according to the notifications in your environment and filters you select.
- To search for a filter, type a filter value in search filters.
- To clear filters and start over, delete text typed in search filters (if applicable) or click CLEAR ALL FILTERS.
Group and sort the notifications list
Alert Logic groups your alert notifications by type and sorts them by name within each grouping. Alert Logic sorts your schedules by name.
You can group and sort the notifications by other criteria. The options available vary according to the notification type and the filters applied.
To organize your notifications:
- To change the grouping, click Group by, and then click the option you want.
- To change the way the list of alert notifications is sorted within each grouping, click Sort by, and then click the option you want. Available options include Name, Create Time, and Updated Time.
Search the notifications list
You can use the search bar to filter the list to include only notifications that contain specific words in important fields, like the notification name.
Delete notifications
In the notifications list, click the icon next to each notification that you want to delete. On the bottom of the page, click the DELETE icon.
If you want to delete all notifications currently listed, select the check box at the top of the list. On the bar that appears at the bottom of the page, click the DELETE icon.
Edit a notification
You can edit a notification from the notifications list. For example, you can:
- Make the notification active or inactive
- Change notification filters
- Subscribe or unsubscribe users or a templated connection
- Change delivery options
To edit a notification:
- In the notifications list, click the icon next to the notification that you want to edit.
- On the bottom of the page, click the EDIT icon.
- In the Edit page, change any of the settings.
View and manage notifications from the detail view
You can view the details about a specific notification. The detail view includes information such as:
- Date a notification that met the criteria was last sent
- Name of the user who created and last modified the notification, and the dates
- Notification criteria
- Subscribed users and/or a templated connection
- Delivery options
To view details about a notification:
In the Notifications page, click View next to the notification you want to see. When you are finished viewing notification details, click Hide.
To delete a notification:
In the Notifications page, to the right of the notification you want to delete, click View. Toward the bottom of the detail view, click the DELETE icon.
To edit a notification:
- In the Notifications page, to the right of the notification you want to edit, click View.
- Toward the bottom of the detail view, click the EDIT icon.
- In the editing page, change any of the settings.
View additional report schedule details
For a scheduled report notification, you can view the interactive report associated with the notification schedule. You can also view the list of reports previously generated by the schedule.
To view the interactive report related to a schedule:
In the Notifications page, to the right of the report schedule, click View. Toward the bottom of the detail view, click the INTERACTIVE REPORT icon.
The report from which the schedule was created opens with the report criteria selected.
To open a list of reports generated by a schedule:
In the Notifications page, to the right of the report schedule, click View. Toward the bottom of the detail view, click the PAST REPORTS icon.
The Downloads page opens with the list filtered to display the reports generated by the schedule.
View additional search schedule details
For scheduled searches, you can view the list of searches previously conducted by the schedule.
To open a list of FIM searches completed by a schedule:
In the Notifications page, to the right of the scheduled FIM search, click View. Toward the bottom of the detail view, click the PAST SEARCHES icon.
The Downloads page opens with the list filtered to display the searches conducted by the schedule.
Notifications listed
The Notifications page lists all notifications created in your customer account.
For a managing (parent) account, the list includes notifications for:
- Managing account
- Managed (child) accounts, if the notification was created in the parent account
In a managed account, the notifications list:
- Includes only notifications created in that account
- Does not include notifications created in a managing account
- Does not include notifications created in another managed account
Manage notifications and subscriptions of others
You can manage the notification settings of others—including subscribing other users or a templated connection—only if your user account has one of the following user roles:
- Administrator
- Owner
- Power User
Users maintain the ability to modify any changes you make to their notifications.
Notifications belong to the customer account where they are created. If you manage other accounts and want to subscribe users in a managed account, you need to switch to the users' account.
You can set up a user account and designate it as "Notification Target Only," which means it exists only for email notifications. You can use this notification target to receive and store notifications for later review, or you can use a distribution list as the contact email so multiple people get the emails. For more information, see Create a user account as a notification target.