Notifications

Notifications define how and when notifications of findings are sent. You can choose to send findings by secure email or AWS SNS, or forward them to the Events dashboard.

Notifications are included in all types of policies to issue messages of findings of misconfiguration and threats. You can use the same Notification for different types of policies. In addition, more than one Notification can be included in a policy to point findings to multiple targets.

Notification Types

Notifications have different ways to indicate new findings. These include email reports, compliance reports, SNS notifications, and messages to external ticketing systems such as ServiceNow, JSON, Sumo Logic, PagerDuty, or Jira with HTTP endpoints.

You can select these types of reports for Notifications:

  • Summary Report shows you the results score for each of your environments and compares it to the results in the previous report. In addition, it shows an aggregated result for all your accounts. It is sent by email.

  • Executive Summary Report allows you to see the status of your environments and assets based on the results of the last assessment. This report focuses on a specific ruleset and its assessment results in multiple environments on one cloud platform. It presents this information:

    • The environments with the highest number of severity findings

    • The distribution of assets that passed or failed the test

    • The test score

    • The number of failed tests sorted by the rule severity

  • Detailed Report shows you, in addition to the information in the summary report, details for each failed test. It shows new or changed findings since the previous report and lists findings from previous reports that were resolved. This provides a complete picture of the compliance posture of your cloud environments and an indication of progress in resolving open issues. It is sent by email.

Misconfigured Notifications

CloudGuard can block notifications for Continuous Posture if it finds that the notification is misconfigured or does not function correctly.

If the Compliance Engine encounters several failures when it sends a finding to a Notification target (for example, an SNS queue or an HTTP endpoint), it blocks the target for a period of six hours. During this time, CloudGuard does not send notifications to this target. It does not block other targets in the same notification. After six hours, the engine automatically removes the block, but applies it again immediately if failures occur again.

To resolve a misconfigured notification:

  1. Navigate to Settings > Notifications. The Status column shows notifications that have problems.

  2. Click the notification name to open it and see the details of the problem.

  3. Resolve the problem with the target and click Validate. CloudGuard validates the channel and clears the block.

How to Configure a Notification

Notifications show what compliance findings are sent out, when and how they are sent out, and to whom. You can create many notifications and associate them with a ruleset or environment to customize the notification of Posture Management issues based on your needs.

  1. Navigate to the Notifications page in the Settings menu. This shows a list of all your Notifications.

  2. Click Add Notification. The Create New Notification window opens.

  3. Enter a name and description for the notification.

  4. Select the notification options:

    • Alerts Console - Send findings for this notification to the Events page.

    • Scheduled Report - Send a report to email recipients at regular periods (for Compliance and Intelligence events only). Select the time, frequency, type of report, and a list of email recipients for the report. You can set a custom schedule. For this, enter a cron expression.

      For the available report types, see Notification Types above.

    • Add Filter - Select the events applicable to this notification. You can select Entity Names, Entity IDs, Tags, and Severity as filter criteria.

      Note - Use % as a wildcard for Entity Names and Entity IDs filters, for example "%son", "son%", or "%son%".

    • Immediate Notification - Send new or changed findings immediately to one or more of the given destinations:

      • Email notifications - By email, to a list of email recipients. You can receive a report with changes from the previous assessment or get a message for each finding.

      • SNS notifications - To an AWS SNS topic; enter the ARN for the AWS SNS topic and select the format for the notification:

        • JSON - Full entity includes details of the finding and full attributes (as CloudGuard maintains) for the entity in the finding, in JSON format

        • JSON - Basic entity includes details of the finding and several attributes for the entity, such as the entity ID, in JSON format

        • Plain text includes details of the finding and several attributes for the entity, such as the entity ID, in TXT format

        After you enter the ARN, click Send Test Message to test the connection.

      • HTTP Endpoint - To an HTTP endpoint for third-party applications.

        Enter the URL for the endpoint, select the authentication procedure and, for Basic authentication, enter the username and password.

        Select the format of the notification from these options:

        • JSON - Full entity - For a third-party application.

        • Splunk - JSON - For Splunk endpoints.

        • ServiceNow - For ServiceNow endpoints.

        • Sumo Logic - For Sumo Logic.

        • Jira - For Jira.

        Select Ignore certificate validation if you work with self-signed certificates. This setting is appropriate only for development and integration environments and is not recommended for production environments.

        Notifications to HTTP endpoints are issued from one of these fixed IP addresses: 3.232.156.115, 52.70.61.156, or 3.231.193.67

      • Slack channel - Send a report summary to a Slack channel.

      • Teams channel - Send a report summary to a Teams channel.

        Note - You can use Slack and Teams channel destinations for Compliance events only.

    • Security Management Systems - Send notifications to a security management system, such as the AWS Security Hub or the GCP Security Command Center.

    • Issue Management Systems - Send notifications to an external ticketing system, such as PagerDuty.

      • Select PagerDuty.

      • Enter the Routing API Key.

  5. Click Save. The new notification appears in the list of notifications.
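On the receiving side of an HTTP Endpoint destination, the two facts the procedure above gives you (the three fixed source IP addresses and the Basic authentication credentials you configured) are what an endpoint can check before it accepts a notification. The following is an added example, not CloudGuard's own code or payload format: the IP addresses are taken from the page, the username and password are constructed, and the check function is hypothetical glue you would call from your own web handler.

```python
import base64
import hmac
import ipaddress

# Fixed source addresses CloudGuard uses for HTTP endpoint notifications (from the page).
# Re-check the vendor documentation periodically, since egress addresses can change.
CLOUDGUARD_SOURCE_IPS = frozenset(
    ipaddress.ip_address(ip) for ip in ("3.232.156.115", "52.70.61.156", "3.231.193.67")
)


def parse_basic_auth(header):
    """Return (username, password) from an HTTP Basic Authorization header, or None."""
    if not header:
        return None
    scheme, _, encoded = header.strip().partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None


def basic_auth_header(user, password):
    """Build the Authorization value a sender attaches (used here to construct test input)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def check_inbound_notification(remote_addr, auth_header, expected_user, expected_password):
    """Decide whether an inbound request may be accepted as a CloudGuard notification.

    remote_addr must be the TCP peer address, not a client-supplied X-Forwarded-For
    value, unless a trusted proxy in front of you sets that header.
    Returns (accepted, reason).
    """
    try:
        src = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False, "malformed source address"
    if src not in CLOUDGUARD_SOURCE_IPS:
        return False, "source address not in CloudGuard egress allowlist"
    creds = parse_basic_auth(auth_header)
    if creds is None:
        return False, "missing or malformed Basic credentials"
    # Constant-time comparison so a wrong guess does not leak how many bytes matched.
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    if not (user_ok and pass_ok):
        return False, "Basic credentials rejected"
    return True, "accepted"
```

Rejected requests should be logged with the reason, since a burst of "source address not in allowlist" rejections is also the signal that the vendor egress addresses have changed and the allowlist needs updating.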

Actions