
Notifications

Notifications are an important part of maintaining a good security posture. Cyscale offers two kinds: personal notifications delivered by email, and notifications delivered through configured notification channels (Slack, Microsoft Teams, or a webhook to your own endpoint).

Personal Notifications

Personal notifications are the ones delivered to your email inbox. Cyscale sends them individually to each user of the account, so every member controls their own notification preferences.

You can customize which notifications you want to receive from the My Profile page.

Currently, Cyscale has the following notification types:

  • Security Posture - a weekly digest of the security posture (the count of high, medium, and low risk assets and their trend compared to the previous digest)
  • Alerts - sent whenever Cyscale raises new alerts, that is, new findings from its control checks. Because of how the assessment process runs, Cyscale batches all new alerts for a given connector into a single email rather than sending one email per alert.

Notification Channels

Cyscale can also deliver alerts to Slack, Microsoft Teams, and a webhook endpoint of your own. You can configure up to 10 notification channels in total and up to 3 per provider (for example, up to 3 Slack channels). Note that a Slack or Teams incoming webhook URL is the only thing that authorizes posting into the channel, so treat it as a credential: anyone who obtains it can post arbitrary messages there.

Whenever Cyscale creates new alerts for a given connector, it batches them and sends them as a single platform-specific message, such as the Teams example below:

Alerts via Teams Notification Channel

Microsoft Teams Integration

For Cyscale to send notifications via Teams, you first have to configure an incoming webhook connector on the Teams channel where Cyscale should post. For the exact steps, consult the Microsoft documentation.

Once you have the webhook URL, go to Notification Channels (from the top-right menu) and press the plus sign next to Microsoft Teams. Give the channel a descriptive name and, optionally, a description, then paste in the webhook URL. To verify the integration, press Test Connection; Cyscale then posts the message "This message confirms you've properly configured Microsoft Teams notifications in Cyscale" to the channel.

Slack Integration

For Cyscale to send notifications via Slack, you first have to configure a Slack app with incoming webhooks enabled. For the exact steps, consult the Slack documentation.

Once you have the webhook URL, go to Notification Channels (from the top-right menu) and press the plus sign next to Slack. Give the channel a descriptive name and, optionally, a description, then paste in the webhook URL. To verify the integration, press Test Connection; Cyscale then posts the message "This message confirms you've properly configured Slack notifications in Cyscale" to the channel.

Webhook Integration

If you want Cyscale to push alerts directly to your own endpoint, configure a webhook channel (use an HTTPS endpoint so alert details are not sent in the clear). Whenever Cyscale creates new alerts, it sends your endpoint a JSON array containing them, as in the example below:

[
  {
    "createdAtTimestamp": "2022-02-25T13:24:00.0Z",
    "lastSeenAtTimestamp": "2022-02-25T13:24:00.0Z",
    "resolvedAtTimestamp": "0001-01-01T00:00:00Z",
    "accountID": "a8512186-f8ff-45c7-9ebb-a4752f405da2",
    "controlName": "Ensure log metric filter and alerts exist for Custom Role changes",
    "controlID": "eac85ccf-f169-4236-97f0-28c7b2167289",
    "status": "open",
    "cloudProvider": "gcp",
    "cloudAccountName": "Cyscale GCP",
    "cloudAccountID": "61bc4a6d72146f226120c37d",
    "severity": "low"
  },
  {
    "createdAtTimestamp": "2022-02-25T13:24:00.0Z",
    "lastSeenAtTimestamp": "2022-02-25T13:24:00.0Z",
    "resolvedAtTimestamp": "0001-01-01T00:00:00Z",
    "accountID": "a8512186-f8ff-45c7-9ebb-a4752f405da2",
    "controlName": "Ensure the default firewall does not have any default rules besides http and https",
    "controlID": "5931d1d0-5bcb-4b6f-a65a-c18295e94b38",
    "status": "open",
    "assetName": "default-allow-rdp",
    "assetID": "ce90ed4a-6b07-46b4-bb02-d1f6ef7953b1",
    "assetType": "FirewallRule",
    "assetCategory": "SecurityNetwork",
    "cloudProvider": "gcp",
    "cloudAccountName": "Cyscale GCP",
    "cloudAccountID": "61bc4a6d72146f226120c37d",
    "severity": "medium"
  }
]

Note that some alerts do not contain the asset-related fields (assetName, assetID, assetType, assetCategory), because findings such as the first example above apply to the cloud account as a whole rather than to a specific asset. A receiver must treat those fields as optional.

The severity of an alert is low, medium, or high, and its status is open or resolved (currently Cyscale sends only open alerts).

Because Cyscale sends only newly created alerts, which by definition are not yet resolved, resolvedAtTimestamp is always the zero value "0001-01-01T00:00:00Z". Treat that value as "not resolved" rather than as a real point in time.
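The receiver below is an added example, not Cyscale's own code. It parses the webhook payload shape documented above into typed records, treats the asset fields as optional, maps the zero resolvedAtTimestamp to "not resolved", and rejects anything that does not match the documented shape with a 400 rather than acting on it. The URL path, the request-body size cap, and the needs_paging() triage rule are illustrative assumptions; the embedded sample body is the page's two-alert example.

```python
# Minimal receiver for the Cyscale webhook payload shown above. Added example,
# not Cyscale's own code: it assumes only the shape in the page's sample, with
# asset fields optional and "0001-01-01T00:00:00Z" meaning "not resolved".
# The URL path, body-size cap and the needs_paging() rule are assumptions.
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import List, Optional

UNRESOLVED = "0001-01-01T00:00:00Z"     # zero timestamp = alert still open
SEVERITIES = ("low", "medium", "high")
STATUSES = ("open", "resolved")
REQUIRED = ("createdAtTimestamp", "lastSeenAtTimestamp", "resolvedAtTimestamp",
            "accountID", "controlName", "controlID", "status", "cloudProvider",
            "cloudAccountName", "cloudAccountID", "severity")
MAX_BODY = 1 << 20                      # assumed cap on request body size

# The page's two-alert sample, embedded so the example runs offline.
SAMPLE = b"""[
 {"createdAtTimestamp": "2022-02-25T13:24:00.0Z", "lastSeenAtTimestamp": "2022-02-25T13:24:00.0Z",
  "resolvedAtTimestamp": "0001-01-01T00:00:00Z", "accountID": "a8512186-f8ff-45c7-9ebb-a4752f405da2",
  "controlName": "Ensure log metric filter and alerts exist for Custom Role changes",
  "controlID": "eac85ccf-f169-4236-97f0-28c7b2167289", "status": "open", "cloudProvider": "gcp",
  "cloudAccountName": "Cyscale GCP", "cloudAccountID": "61bc4a6d72146f226120c37d", "severity": "low"},
 {"createdAtTimestamp": "2022-02-25T13:24:00.0Z", "lastSeenAtTimestamp": "2022-02-25T13:24:00.0Z",
  "resolvedAtTimestamp": "0001-01-01T00:00:00Z", "accountID": "a8512186-f8ff-45c7-9ebb-a4752f405da2",
  "controlName": "Ensure the default firewall does not have any default rules besides http and https",
  "controlID": "5931d1d0-5bcb-4b6f-a65a-c18295e94b38", "status": "open", "assetName": "default-allow-rdp",
  "assetID": "ce90ed4a-6b07-46b4-bb02-d1f6ef7953b1", "assetType": "FirewallRule",
  "assetCategory": "SecurityNetwork", "cloudProvider": "gcp", "cloudAccountName": "Cyscale GCP",
  "cloudAccountID": "61bc4a6d72146f226120c37d", "severity": "medium"}
]"""


@dataclass
class Alert:
    control_id: str
    control_name: str
    severity: str
    status: str
    cloud_account_id: str
    created_at: datetime
    resolved_at: Optional[datetime]      # None while the alert is open
    asset_id: Optional[str] = None       # absent for account-level findings
    asset_name: Optional[str] = None
    asset_type: Optional[str] = None


def _ts(value: str) -> datetime:
    # The sample carries a fractional second ("...00.0Z"); accept both forms.
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError(f"bad timestamp {value!r}")


def parse_alerts(body: bytes) -> List[Alert]:
    """Validate an untrusted request body; ValueError means reject with 400."""
    data = json.loads(body)
    if not isinstance(data, list):
        raise ValueError("payload must be a JSON array of alerts")
    alerts = []
    for i, item in enumerate(data):
        if not isinstance(item, dict):
            raise ValueError(f"alert {i} is not an object")
        missing = [k for k in REQUIRED if k not in item]
        if missing:
            raise ValueError(f"alert {i} is missing {missing}")
        if item["severity"] not in SEVERITIES or item["status"] not in STATUSES:
            raise ValueError(f"alert {i} has an unknown severity or status")
        resolved = item["resolvedAtTimestamp"]
        alerts.append(Alert(
            control_id=item["controlID"], control_name=item["controlName"],
            severity=item["severity"], status=item["status"],
            cloud_account_id=item["cloudAccountID"],
            created_at=_ts(item["createdAtTimestamp"]),
            resolved_at=None if resolved == UNRESOLVED else _ts(resolved),
            asset_id=item.get("assetID"), asset_name=item.get("assetName"),
            asset_type=item.get("assetType")))
    return alerts


def needs_paging(alert: Alert) -> bool:
    # Assumed triage rule: only open, high-severity findings wake someone up.
    return alert.status == "open" and alert.severity == "high" and alert.resolved_at is None


class CyscaleWebhook(BaseHTTPRequestHandler):
    PATH = "/hooks/cyscale"              # assumed; use an unguessable path

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        if self.path != self.PATH:
            return self.send_error(404)
        if length > MAX_BODY:
            return self.send_error(413)
        try:
            alerts = parse_alerts(self.rfile.read(length))
        except ValueError as exc:
            return self.send_error(400, str(exc))
        for a in alerts:                 # hand off to your alerting pipeline here
            print("PAGE" if needs_paging(a) else "LOG", a.severity, a.control_name, a.asset_name)
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), CyscaleWebhook).serve_forever()
```

Run the module to listen on 127.0.0.1:8080 and POST the sample body to /hooks/cyscale to see one LOG line per alert. Since the page describes no request authentication for the webhook, the receiver treats every body as untrusted input and validates it before use; in production also put it behind TLS and restrict who can reach the path (an unguessable path or a network allowlist).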