Notifications

1. In the CloudGuard UI, from the left menu, click Integration Hub.

2. Click the external service you want to integrate (for example: Microsoft Teams).

   A sliding window opens.

3. In the sliding window, click Add.

4. Enter the required information from the external service.

5. Click Save.

For more information, see Integration Hub.

1. Navigate to Settings > Configuration > Notifications.

   A list of notifications appears.

2. Click Add.

   The Create New Notification window opens.

3. Enter a unique Name and a Description for the notification.

4. To schedule CloudGuard to send scheduled reports, in the Schedule Report section select Email scheduled reports and fill the relevant fields. To schedule CloudGuard to send reports on a custom schedule, see Appendix: How to schedule reports on a custom schedule

5. To configure CloudGuard to send information findings as soon as CloudGuard detects changes in your environment:

   1. In the Immediate Notification section, select a notification type. Use the Filter bar to send notifications only about certain kinds of findings. For example, you can create an immediate notification only for Critical findings.

      Note - Some notification types apply for all findings (for example: Email notification per newly created finding). Other notification types apply only to specific types of findings (for example: CSPM- Summary report to Teams channel applies only to CSPM findings).

   2. Select a configuration of an integration.

      Note - If there is no configuration of a specific integration (for example: there is no configuration of a Microsoft Teams integration), select Add new configuration. Then, create the configuration in the sliding window. For more information, see Integration Hub.

      Note - It is not possible to select more than one configuration of the same integration type. For example, it is not possible to select more than one Microsoft Teams configuration.

   3. Optional - Select more notification types and integrations to add to the notification.

6. Click Save.

   The new notification appears in the list of notifications.

1. From the left menu, navigate to one of these screens:

   • CSPM > Continuous Posture

   • CIEM > Policies

   • Workload Protection > Admission Control > Policies

   • CDR > Manage Policies

2. Do one of these:

   • To create a new policy, in the top right click Add Policy > select the policy type.

   • To edit a policy, select the checkbox to the left of the policy > click Edit.

   The Add Policy or Edit Policy wizard window opens.

3. Optional - To create a new notification, in the Notifications Selection step of the wizard, click Add Notification. In the Create New Notification window that opens, follow the procedure in Step 2: Create a notification.

4. In the Notification Select step of the wizard, select one or more notifications.

   Important - Select only notifications that are relevant to the policy. For example, CIEM Notifications - Email is relevant to CIEM, but it is not relevant to CSPM.

5. Finish the wizard.

In the Create New Notification window > Schedule Report section, you can use the dropdown menus to configure CloudGuard to send reports daily, weekly, or monthly at a specific time of day. You can use a cron expression to configure CloudGuard to send reports on a custom schedule.

A 7-digit cron expression contains seven fields. To leave a field blank, enter an asterisk (*).

Cron Expression Fields (from left to right)

Cron Expression Special Characters

Cron Expression Examples

To use a Cron Expression to schedule a report:

1. In the Create New Notification window > Schedule Report section, select Custom.

2. In the Enter cron expression field, enter a cron expression.

3. Finish configuring the notification.

1. In the CloudGuard UI, navigate to one of the supported policies.

2. Select the policy that you want to synchronize and click Send all alerts.

3. Select the notification type and name from those attached to the policy and click Send.

1. In the CloudGuard UI, navigate to Settings > Configuration > Notifications.

   A yellow exclamation point icon appears in the Status column to show that a notification is misconfigured.

2. Click the name of the notification to open it.

   The problem is highlighted in red.

3. Click Open Configuration.

   A sliding window opens for the integration (for example: Microsoft Teams).

4. Select the relevant configuration of the integration (for example: a Microsoft Teams configuration that you named teams_integration_1).

5. Click Test.

   If the test fails, an error message describes the problem.

6. Fix the problem.

   CloudGuard test the integration.

7. After a successful test, click Save.

8. In the notification window, click Validate.

9. Click Save.