...
To rock your filters like a Zen Master, go here.
Notification Delivery API
...
Field Name | Details |
---|---|
Id | Internal reference; you can ignore it. |
Notification Delivery Name | This is required and is the name you would like to give to the Notification Delivery. |
Enabled | Whether this Notification Delivery is enabled. It is disabled by default. |
Note | This is a multi-line field where you can leave a note for someone about this Notification Delivery. Putting who to contact, who owns this Notification Delivery, and other details could really help other people and new hires. Especially for things like Slack, where the permissions can go completely bat crazy when a person leaves. |
Notification Delivery Expiry | Future feature: To expire this Notification Delivery after a certain amount of time has passed. |
Company Name | This will be your Company Name by default if you don’t set it. If you manage Partners or other companies, you can select where this Notification Group gets created. |
Notification Delivery Role | Future - this will allow you to have different people editing this Notification Delivery. |
Notification Type | |
Email | Figure 3a, Email Settings. As self-explanatory as putting your seat belt on in the plane: just put in the email address that should receive your notifications. Make sure notifications@ctci.ai is allowed. |
Slack | Figure 3b, Slack Settings. With Slack, the channel name is optional. Use it if you want the notification to go to a different channel than the webhook's, one that has the same permissions. Most users will use the webhook link; however, we support the channel name as supported in their API. |
Teams | Figure 3b, Teams Settings. With Teams, there is only a webhook. Unlike Slack, you cannot override the channel to which you send the messages. |
Jira | Figure 3b, Jira Settings. This is the Jira setting; every value is compulsory. We support Jira Cloud and external Internet-facing Jiras. If you have on-premise Jira, then there is an easy way to do this by scheduling a Python program to get the list and create the tickets in Jira. (See the section below for how to set up Jira to handle CEWL notifications.) |
Webhook | Future - Backend is working. If you want to do Webhook, we can set this up for you in the backend. |
We now send the Delivery Id and the Delivery name with the notification as well as the company, notification group, and notification filter.
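For on-premise Jira, the scheduled Python program mentioned in the Jira row could be structured like the following added example, which is not CEWL's own code. The item field names, the `SEC` project key, the `Task` issue type and the host name are assumptions, and fetching the list from CEWL is left out because this page does not describe that call; `/rest/api/2/issue` is Jira's standard create-issue endpoint.

```python
import base64
import json
import urllib.request

# Constructed sample items. Field names are assumptions modelled on the fields
# this page says accompany each notification; they are not CEWL's schema.
def _item(cve, text):
    return {"cve": cve, "summary": text, "delivery_id": "d-1",
            "delivery_name": "OnPrem Jira", "company": "ExampleCo",
            "notification_group": "Perimeter", "notification_filter": "Edge"}

SAMPLE_ITEMS = [_item("CVE-0000-0001", "constructed item A"),
                _item("CVE-0000-0002", "constructed item B"),
                _item("CVE-0000-0001", "constructed item A (repeat)")]

CONTEXT_FIELDS = ("company", "notification_group", "notification_filter",
                  "delivery_name", "delivery_id")

def build_issue(item, project_key, issue_type="Task"):
    """Map one notification item to a Jira create-issue JSON body."""
    lines = [f"{key}: {item.get(key, 'n/a')}" for key in CONTEXT_FIELDS]
    return {"fields": {
        "project": {"key": project_key},
        "issuetype": {"name": issue_type},
        "summary": f"{item['cve']}: {item['summary']}"[:255],  # Jira limit
        "description": "\n".join(lines),
        "labels": ["cewl", item["cve"]],  # label makes later lookups easy
    }}

def plan_issues(items, already_ticketed, project_key):
    """Return one payload per CVE that has no ticket yet."""
    seen, payloads = set(already_ticketed), []
    for item in items:
        if item["cve"] not in seen:
            seen.add(item["cve"])
            payloads.append(build_issue(item, project_key))
    return payloads

def jira_request(base_url, user, secret, payload):
    """Build (not send) the POST for Jira's /rest/api/2/issue endpoint."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send credentials over a non-TLS URL")
    auth = base64.b64encode(f"{user}:{secret}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/rest/api/2/issue",
        data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + auth})
```

Pass the returned request to `urllib.request.urlopen` from the scheduled job, and keep the service account's secret in the scheduler's secret store rather than in the script.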
Jira is great at workflow, CEWL is great at what threat actors are doing, and we think they make a great match.
...
Info |
---|
Note on Testing Notification Delivery: The success or failure message only tells you whether the message could be sent. So if the email is valid, it is only checking the first hop of sending the email, not the delivery; the same goes for Slack, Teams, Webhook, and Jira. If you have selected One message per item, we will send multiple messages. Otherwise, the test Notification Delivery will send a few of the last CVEs as one formatted message. |
We now support testing the delivery of a specific CVE. Just enter the CVE in the “CVE to Deliver” text box and hit the “Deliver CVE” button.
...
Formatting a Notification Delivery
Slack, Teams, and such support really cool formatting - blows my mind how cool you can make stuff nowadays - I still love the lynx browser. If you really want a template with field substitution, then let us know. Our API already accepts a template, but there is no way to set it today.
...