Notifications
CloudGuard can send notifications in an email or through an integration with a third-party platform. Notifications show CloudGuard findings and security scores that CloudGuard assigns to your environments.
|
Notes:
|
Notification Types
You can send these types of notifications:
-
Summary Report shows you the security score for each of your environments and compares it to the results in the previous report. In addition, it shows an aggregated result for all your accounts.
-
Executive Summary Report shows the status of your environments and assets based on the results of the last test that CloudGuard performed. This report focuses on a specific ruleset for multiple environments on one cloud platform. The report includes:
-
The environments with the highest number of severity findings
-
The distribution of assets that passed or failed the test
-
The test score
-
The number of failed tests, sorted by the severity of the rule
-
-
Detailed Report shows details for each failed test. It also shows the current status of findings from the previous report. This provides a complete picture of the compliance posture of your cloud environments and an indication of progress in resolving open issues.
-
Immediate Notification sends information about a specific finding immediately after CloudGuard generates the finding.
How to Configure a Notification
Sending All Alerts
You can manually send all reports and notifications for a policy immediately. This is useful to do a security investigation or to test integrations. The Send all alerts action is supported for these policies:
-
CSPM > Continuous Posture
-
Workload Protection > Admission Control > Policies
-
Workload Protection > Vulnerabilities > Policies
Broken Notifications
If CloudGuard detects a misconfiguration or failure in an integration, it blocks the integration for six hours. After six hours, CloudGuard tries to send new notifications to the integration. Then, if CloudGuard detects a misconfiguration or failure, it blocks the integration again.