Setting up scan alerts
When a scan is in progress, you may want to know as soon as possible if certain things happen. For example, you may want to know when the scan finds a severe or critical vulnerability or if the scan stops unexpectedly. You can have the application alert you about scan events that are particularly important to you.
This feature is not a required part of the site configuration, but it's a convenient way to keep track of your scan when you don't have access to the Security Console Web interface or are simply not checking activity on the console.
Alerts are sent in cleartext and are not encrypted.
If you want to add an alert for an existing site, click that site's Edit icon in the Sites table on the Home page.
If you want to add an alert while creating a new site, click the Create site button on the Home page. OR Click the Create tab at the top of the page and then select Site from the drop-down list.
To set up alerts:
- Click the Alerts tab of the Site Configuration.
- Click Create alert. The New Alert form appears.
- The Enable check box is selected by default to ensure that an alert is generated. You can clear the check box at any time to disable the alert if you prefer not to receive that alert temporarily without having to delete it.
- Enter a name for the alert.
- Enter a value in the Maximum Alerts to Send field if you want to limit the number of this type of alert that you receive during the scan.
- Select the check boxes for types of events that you want to generate alerts for. For example, if you select Paused and Resumed, an alert is generated every time the application pauses or resumes a scan.
- Select a severity level for vulnerabilities that you want to generate alerts for. For information about severity levels, see Viewing active vulnerabilities .
- Select the Confirmed, Unconfirmed, and Potential check boxes to receive those alerts.
If a vulnerability can be verified, a “confirmed” vulnerability is reported. If the system is unable to verify a vulnerability known to be associated with that asset, it reports an “unconfirmed” or “potential” vulnerability. The difference between these latter two classifications is the level of probability. Unconfirmed vulnerabilities are more likely to exist than potential ones, based on the asset’s profile.
- Select a notification method from the drop-down box. Alerts can be sent via SMTP e-mail, SNMP message, or Syslog message. Your selection will control which additional fields appear below this box.
Specifying multiple recipients with SMTP
The Recipient E-mail Addresses field can accommodate multiple entries. Validation requirements are as follows:
- At least one recipient must be specified.
- Each recipient must be a valid e-mail address.
- Multiple recipients must be delimited by either a comma or a new line.
Alerts work best when they are targeted and setting multiple can feel overwhelming.