Notifications

CloudGuard can send notifications in an email or through an integration with a third-party platform. Notifications show CloudGuard findings and security scores that CloudGuard assigns to your environments.

Note -

  • The Code Security feature has its own third-party integrations and sends its own notifications. To configure Code Security to send notifications, see Code Security Integrations.

  • The Toxic Combinations feature sends its own notifications. It uses the same third-party integrations as other CloudGuard features, but only some of these integrations are supported for Toxic Combinations. For more information, see Action Hub.

Notification Types

You can send these types of notifications:

  • Summary Report shows you the security score for each of your environments and compares it to the results in the previous report. In addition, it shows an aggregated result for all your accounts.

  • Executive Summary Report shows the status of your environments and assets based on the results of the last test that CloudGuard performed. This report focuses on a specific ruleset for multiple environments on one cloud platform. The report includes:

    • The environments with the highest number of severity findings

    • The distribution of assets that passed or failed the test

    • The test score

    • The number of failed tests, sorted by the severity of the rule

  • Detailed Report shows details for each failed test. It also shows the current status of findings from the previous report. This provides a complete picture of the compliance posture of your cloud environments and an indication of progress in resolving open issues.

  • Immediate Notification sends information about a specific finding immediately after CloudGuard generates the finding.

How to Configure a Notification

Sending All Alerts

You can manually send all reports and notifications for a policy immediately. This is useful during a security investigation or when you test integrations. The Send all alerts action is supported for these policies:

  • CSPM > Continuous Posture

  • Workload Protection > Admission Control > Policies

  • Workload Protection > Vulnerabilities > Policies

Broken Notifications

If CloudGuard detects a misconfiguration or failure in an integration, it blocks the integration for six hours. After six hours, CloudGuard tries to send new notifications to the integration. If it detects a misconfiguration or failure at that point, it blocks the integration again.