Notification Groups
A notification group can be thought of as a group of filters under an easy-to-understand name. This notification group name can be; however you want to split up your organization, sometimes you may want the notification group to be based on a department, such as Network Department, some areas it might make sense to be functional like Payment processing, you might want to make it product-focused like Line of Business (LoB) application. They can overlap. It’s just a naming; nothing restricts you from having non-overlapping filters and such. If you are SQL inclined, a notification group has 1 or more filters from an entity-relationship model.
An example
For example, you might want to have a notification group for the network team. The network team has many different products, and they need to go to different support teams.
In this example, you would create a Notification Group called “Network Team” and say they have Cisco products that they support internally and Palo Alto Network products that external group support. Internally, they use Slack, and externally they use email.
Then add filters for the different products and such.
Such as these filters:
Filter 1, "Internal Network Team": vendor=”cisco”with delivery to their Slack Channel “cisco_support.”
Filter 2, "External Network Team": vendor.str.startswith(”palo”) with delivery as email to an external network support team email, example_support@somenetworksupportcompany.com.
Some important considerations
When should I have a separate filter? For a few different reasons:
That you want to send different results to different groups, that is, your filter needs to use a different delivery mechanism, then have a separate filter for each;
You have different groups that would want to change their filter, to reduce breaking other people’s filters, we suggest giving them their own filter to change; and
That you exceed over 4K characters for the filter. Break it up into smaller filters.
FIlters can overlap. You could have the filter repeated, going to different delivery locations - email, slack, webhook, etc.
Please NOTE
A notification group is a group of filters. The notification group delivery can be overridden at the filter level. If you want to get all the new CEWL entries notified to the notification group default delivery/email, then create a filter, call it something like “Catch all CVEs added to CEWL”, then have the filter field as empty. This filter then will catch all add CVEs and then send them to your default delivery defined at the notification group level.
Some useful links:
To rock your filters like a Zen Master, go here.
Notification Group API
Please refer to swagger.ctci.ai for more details.
Notification Groups within the CTCI Portal
Select the menu option Notification Group.
Figure 1, Notification Group Menu Option
The Notification Group icon is a bell icon. If you haven’t added a Notification Group, your page should look something like this, a message saying No Notification Groups yet, and a button to create a Notification Group. Please see the figure below:
Figure 2, Notification Group Create Page
The Notification Group Create page below has several fields.
Figure 3, Create a new Notification Group.
The Id is the internal reference to this notification group. The Save button is self-explanatory. The back button goes back to the list of Notification Groups.
Field Name | Details |
|---|---|
Id | Ignore - internal reference |
Notification Group Name | This is required and is the name you would like to give to the Notification Group. |
Enabled | Whether this Notification Group is Enabled, it’s disabled by default. |
Note | This is a multi-line field that you can leave a note for someone about this Notification Group. Putting who to contact, who owns this Notification Group, and other details could really help other people and new hires. |
Notification Group Expiry | Future feature: To expire this Notification Group after a certain amount of time has expired. |
Company Name | This will be your Company Name by default if you don’t set it. If you manage Partners or other companies, you can select where this Notification Group gets created. |
Notification Group Permissions | Future - this will allow you to have different people editing this Notification Group. |
Default Sending Values |
|
Default Notification Group Email | If filters don’t have anything set, they will use this email. |
Default Send per Item | This for whether you want a new email/JIRA Ticket/Slack/Teams/etc. Entry per new CVE or have them bundled into one entry. Some companies want a new Jira Ticket per entry, and some want the other way. With our method, you can do whichever way works for your organization. |
Notification Schedule | Future - instead of sending the notification the instant we add it to the list, you can set it to some other schedule. |
Default Notification Delivery | If a filter doesn’t have a Notification Delivery sent, then it defaults to this. Otherwise, it defaults to Default Notification Group Email. |
How to Edit a Notification Group
Go to the list of Notification Groups by clicking on the Notification Group Button, as mentioned in Figure 1.
Click on one of the entries.
Figure 4, Select a Notification Group to Show / Edit
The next page shown will be the show page. It shows all the details. To Edit, you must select the edit page. We do this because if people have the audit role, they can only show and not edit, and by default, once the filter is set, it should be mainly viewing it then editing it. This will reduce accident changes.
Figure 5, Edit a Notification Group
The Notification Delivery will have a dropdown where once you have created Notification Deliveries, you can make them the default for your Notification Group.
Delete a Notification Group
Two ways to do it. Within the edit page, see the icon above in Figure 5, Choosing to Notification Group, and in list view, select the checkbox and scroll all the way right, and you will see a Delete icon. See Figure 6 below.
Figure 6, Deleting A Notification Group