Customizing Notifications using Notification Templates

ZeroNorth Experts
,
1

The related KB article Set Up Notifications About a Target-level Issue describes setting up Notifications for Target-level Issues detections (and remediation detections). This article describes a feature that allows customizing for content and format of those Notifications.

Overview

Customized Notifications use a set of Notification Templates defined at the customer account level. A ZeroNorth platform user with admin privileges can define these templates for Notification methods such as email, Slack, Jira, etc. Once defined, the templates are used for all future Notifications of the matching type.

By using Notification Templates, you can control the amount and the nature of the information conveyed via the Notifications, allowing your organization to fine tune of the use of the Notifications for your issues tracking and remediation.

Prerequisites

  • Access to the ZeroNorth platform.
  • A user with admin privileges.
  • Connectivity from the ZeroNorth platform to the Notification Targets such as your Jira account/server, Azure Teams account/server, etc.

Setting up Notification Templates

  1. Go to znADM > Customer Settings .
  2. Click Add Setting .
  3. Select Setting Type . The available types are:
  • Azure Notification
  • Email Notification Digest (one summary email per Policy run)
  • Jira Notification
  • Slack Notification Footer
  • Slack Notification Header
  • Slack Remediation Notification Footer
  • SlackRemediation Notification Header
  • SlackRemediation Notification Issue
  1. Study the Example Template and the list of Available Variables . Currently, only details from the Synthetic Issues are available.
  2. At the bottom of the page, create your Template in the Template text box. As you edit the Template text box, the Example Template Render text box to right will provide a real-time render sample as well as any syntax errors/warnings:

image
image759×340 46.1 KB

  1. When finished, click Save .

Testing

Notifications are triggered ONLY for net new detections. The best way to simulate this condition is to use a new Target and a new Policy . Use the instructions in the related article Set Up Notifications About a Target-level Issue to set up a new Notification for your new Target/Policy.

HINT: include an email Notification to yourself so that you know that Notifications being triggered.

When done with the testing and you want to delete the Policy and the Target, be sure to also delete the associated Issues from the Target.

Limitations

  • Only one set of templates per Notification type per customer account.
  • Issue details from the Refined Issues (e.g. file instances) are not yet available.