CloudGuard Dome9 Notification Policies

    Notification Policies indicate how and when notifications of findings are sent. Findings can be sent by secure email or AWS SNS. They can also be forwarded to the Alerts dashboard.

    Notification Policies are included in Compliance Policies and Magellan Policies, to issue notifications of findings for either of these two features. The same Notification Policy can be used for both Compliance and Magellan. In addition, more than one notification policy can be included in a Compliance or Magellan policy (directing findings to multiple targets).

    Notification types

    Notification Policies can have different types of notifications of findings. These include email reports, compliance reports, SNS notifications, and messages to external ticketing systems such as ServiceNow and PagerDuty. Reports can be executive summary reports, or detailed reports of the compliance posture of your networks.

    The following are the different types of notifications that can be selected for Notification Policies.

    Executive Summary Report

    The executive summary report will show you the results score for each of your cloud accounts, and compare it to the previous results (in the previous report). It will also show an aggregated result for all your accounts. It is sent by email.

    Detailed Report

    The detailed report will show you, in addition to the information in the summary report, details for each failed test. It will also show new or changed findings since the previous report, and list findings from previous reports that have been resolved. This will provide a complete picture of the compliance posture of your cloud environments, and an indication of progress towards resolving open issues. It is sent by email.

    Set up a Notification Policy

    Notification Policies indicate what compliance results findings are sent out, when and how they are sent out, and to whom. You can create any number of policies, and associate them with any bundle or cloud account, to customize the notification of compliance issues according to your needs.

    1. Navigate to the Notifications tab in the Compliance & Governance or Magellan menu. This shows a list of all your Notification Policies.

    2. Click ADD NOTIFICATION.

    3. Enter a name and description for the policy. 

    4. Select the notification options for the policy, as follows:
      • Alerts Console - each finding for this policy will be sent to the Alerts page (in Notifications, in the Administration menu)
      • Scheduled Report - a report will be sent to email recipients at regular periods. Select the time and frequency of the report, and the type (summary or detailed). Enter a list of email recipients for the report.
      • Immediate Notification - a notification will be sent for each new or changed finding. Select the type of notification.
        • For email notifications, enter a list of email recipients.
        • For SNS notifications, enter the ARN for the AWS SNS topic, and select the format for the notification:
          • JSON - Full entity: includes details of the finding, and full attributes (as maintained in Dome9) for the entity in the finding, in JSON format.
          • JSON - Basic entity: includes details of the finding, and a few attributes for the entity (such as the entity id), in JSON format.
          • Plain text: like the Basic entity, but in plain text format.
            Click Send test message to test the connection.
      • Security Management Systems - notifications will be sent to AWS Security Hub (you must have Security Hub enabled in your AWS account; see here for details on configuring Dome9 as a provider for Security Hub).
      • Issue Management Systems - send notifications to external ticketing systems, such as ServiceNow, Jira, and PagerDuty
        1. Check Ticketing System, and select the system from the list.
        2. Enter connection details for the selected system:
          • ServiceNow - the SN domain (URL), user, and password
          • Jira - the Jira domain (URL), user, password, Project Key, and Issue Type
          • PagerDuty - the Routing API Key
        3. Click SAVE.
    5. Click Create. The new policy will appear in the list of policies.
    6. To add another policy, click +Add new policy. This will clear all the fields, after which you can enter details for a new policy.

    Email Notification Reports

    You can configure Notification Policies to send compliance results as scheduled email reports. These can be detailed reports, or executive summaries. For both options, the report contains all findings in the assessed accounts, and compares the overall results with the previous report. Reports can be configured to be generated daily, weekly, and monthly.

    Summary Report

    The summary report shows the number of passed and failed tests, and the overall score for the assessment. The overall score is the percentage of passed tests, where a test is the application of a rule to a cloud entity (such as an instance or an S3 bucket) in the account. The results are based on the most recent assessment at the time the report is generated. The report shows the results for the previous report as well, for comparison.

    The report also shows a breakdown per account.

    Detailed report

    The detailed report shows the summary information as well as a detailed list of findings.
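
    The score definition and the report-to-report comparison described above, worked through as an added example (not Dome9 code and not its report format). Each test is one rule applied to one entity; the account names, rule names and results are constructed sample data.

```python
from collections import defaultdict

# Each row is one test: (account, rule, entity, passed). Constructed sample data.
PREVIOUS = [
    ("acct-prod", "S3 bucket not public", "bucket-logs", False),
    ("acct-prod", "S3 bucket not public", "bucket-assets", True),
    ("acct-prod", "Instance has no open SSH", "i-web-1", False),
    ("acct-dev", "Instance has no open SSH", "i-dev-1", True),
]
CURRENT = [
    ("acct-prod", "S3 bucket not public", "bucket-logs", True),   # resolved
    ("acct-prod", "S3 bucket not public", "bucket-assets", True),
    ("acct-prod", "Instance has no open SSH", "i-web-1", False),  # still open
    ("acct-dev", "Instance has no open SSH", "i-dev-1", True),
    ("acct-dev", "Instance has no open SSH", "i-dev-2", False),   # new
]

def score(results):
    """Percentage of passed tests, or None when nothing was assessed."""
    if not results:
        return None
    passed = sum(1 for row in results if row[3])
    return round(100.0 * passed / len(results), 1)

def scores_by_account(results):
    """Per-account breakdown of the same score."""
    grouped = defaultdict(list)
    for row in results:
        grouped[row[0]].append(row)
    return {account: score(rows) for account, rows in grouped.items()}

def failed(results):
    """Set of failed tests, keyed by (account, rule, entity)."""
    return {(a, r, e) for a, r, e, ok in results if not ok}

def compare(previous, current):
    """Summary figures plus the finding changes a detailed report lists."""
    prev_failed, cur_failed = failed(previous), failed(current)
    return {
        "score": score(current),
        "previous_score": score(previous),
        "per_account": scores_by_account(current),
        "new": sorted(cur_failed - prev_failed),
        # Also counts an entity that no longer exists in the assessment.
        "resolved": sorted(prev_failed - cur_failed),
        "still_open": sorted(cur_failed & prev_failed),
    }
```

    A rule evaluated against ten entities counts as ten tests, so one widely applied failing rule can pull the score down more than several narrow ones.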

    Send (sync) all findings

    You can manually force all findings for a compliance policy to be sent to the notification targets attached to the policy. This can be useful if you need to sync all the findings.

    1. Navigate to the Policies main page, in the Compliance & Governance menu. 
    2. Click  opposite the policy you wish to sync. 


    3. Select the notification type and policies (from those that are attached to the policy), and then click SEND.

    See also

    Continuous Compliance

    Magellan

    Alerts