Generic HTTP notification tab

The Generic HTTP notification tab allows you to configure an HTTP or HTTPS POST to a specified URL when the enabled triggers are met on the selected appliance.

The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.

Click the plus icon to add a notification.

The columns to be displayed in the list can be customized by clicking the additional content icon.

Customize the number of rows to be displayed. The default is 20 entries. Use the left arrow (back) and right arrow (forward) icons to navigate through multiple pages.

The Generic HTTP notification list contains the following:

Appliance

The appliance or sensor that triggers the notifications.

Click the edit icon to edit the notification.

Click the delete icon to delete the notification. Click the Delete button in the Delete confirmation pop-up.

Click the unread icon to view a summary of the notification configuration. The summary is displayed in a pop-up. Click the Send test notification button to send a test. Click the Edit button to edit the notification configuration. Click the cancel/close icon or the Close button to dismiss the pop-up.

Click the heartbeat/test icon to send a test notification. The icon will be grayed out if the notification is disabled.

Max daily notifications

The maximum number of notifications to send within a 24-hour period.

Host

Displays the base URL of the destination host.

Path

Displays the path to the resource on the destination host.

Verify SSL

Indicates if the SSL certificate on the destination host will be verified.

HTTP proxy

Indicates if a proxy is used.

Include PCAP

Indicates if PCAP data will be included in

Format

Indicates the data format, JSON or XML, of the POST request.

Enabled

Shows True if the notification is enabled, False otherwise. Click the power icon to toggle the enable/disable status of the notification.

Create generic HTTP notification page

On the Create Generic HTTP Notification page, fill in the following:

Appliance

The appliance or sensor that triggers the notifications. Select from the License pull-down menu:

  • All licenses: Automatically selects all sensors.

  • All sensors: Use the Sensor pull-down menu to select any specific sensor from any license.

  • Specific license: Use the Sensor pull-down menu to select All sensors for that license or any specific sensor.

Daily limit

Select the maximum number of notifications to send within a 24-hour period. 0 (zero) means unlimited.

Timezone

Select the timezone within which daily limits are computed. By default, the current system timezone is selected.

Enable/disable notification

Click the Enabled button to toggle whether the notification will be enabled upon being saved. Notifications can be enabled or disabled at any time.

HTTP POST settings

POST URL

Specify the URL that the notification will be posted to. Select the protocol, HTTPS:// or HTTP://, from the pull-down menu. Specify the domain name or IP address. Enter the Port. Provide the Path (which may be a path, query strings, or both) required for the POST request to succeed.

HTTP Proxy

If Enabled, the POST request uses the configured proxy.

Verify SSL Cert

If Enabled, the SSL certificate must be valid in order for the POST request to succeed.

HTTP Source

For an On-Premises installation, select the source from the pull-down menu. Select Manager or Sensor.

Selecting Manager allows you to centralize your notification source at the Manager.

Selecting Sensor allows you to distribute the notifications across your network to the Sensor that generated the alert.

POST body format

Select the format of the body of the POST request. Select JSON or XML.

Include PCAP

If Enabled, PCAP information will be included with the notification for network events.
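
A pre-save review of the settings described above, as an added example that is not part of the product or its documentation. The dictionary keys, the sample values and the severity labels are assumptions made for this example; they mirror the form fields on this page and are not a product export format.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample; key names are hypothetical and mirror the form fields.
SAMPLE = {
    "post_url": "http://siem.example.internal:8080/ingest?token=abc123",
    "verify_ssl": False,
    "http_proxy": True,
    "include_pcap": True,
    "daily_limit": 0,
    "enabled": True,
}

# Query parameter names that usually carry a credential (example heuristic).
SECRET_HINTS = ("token", "key", "secret", "password", "auth")


def review_notification(cfg):
    """Return (severity, message) findings for one notification, worst first."""
    findings = []
    url = urlsplit(cfg["post_url"])
    scheme = url.scheme.lower()
    if scheme not in ("http", "https") or not url.hostname:
        return [("high", "POST URL must be http(s)://host[:port]/path")]
    if scheme == "http":
        findings.append(("high", "HTTP:// sends the notification body in cleartext"))
        if cfg.get("include_pcap"):
            findings.append(("high", "Include PCAP over HTTP:// exposes captured traffic in transit"))
    elif not cfg.get("verify_ssl"):
        findings.append(("high", "Verify SSL Cert is off: the destination certificate is not checked"))
    # Query strings are entered as part of Path, so a credential placed there
    # travels in the request line, which web servers commonly log.
    secret_params = [k for k, _ in parse_qsl(url.query, keep_blank_values=True)
                     if any(h in k.lower() for h in SECRET_HINTS)]
    if secret_params:
        findings.append(("medium", "Path carries " + ", ".join(secret_params) + " in the query string"))
    limit = cfg.get("daily_limit", 0)
    if limit < 0:
        findings.append(("high", "Daily limit must be 0 (unlimited) or a positive number"))
    elif limit > 0:
        findings.append(("info", f"Daily limit {limit}: confirm it covers expected alert volume"))
    if not cfg.get("enabled", True):
        findings.append(("info", "Notification is disabled and will not send"))
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, message in review_notification(SAMPLE):
        print(f"[{severity}] {message}")
```
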

Triggers

Select the appropriate triggers for the notification. For more information, see About notification triggers. Also see Sensor group notifications for some caveats about notifications and sensor groups.

Appliance triggers

By default, Appliance triggers are set to Enabled.

Audit triggers

By default, Audit triggers are set to Disabled.

Network triggers

By default, Network triggers are set to Enabled.

Campaign triggers

By default, Campaign triggers are set to Disabled.

Mail triggers

By default, Mail triggers are set to Disabled.

Network IoC triggers

By default, Network IoC triggers are set to Enabled.

Intelligence triggers

By default, Intelligence triggers are set to Disabled. These triggers are only available when All licenses is selected.

Proxy sensor

For a Hosted installation, Audit and Intelligence events occur on the VMware backend. A proxy device is required to relay notifications when these triggers are Enabled. The Proxy sensor setting allows you to select one of your sensors to relay the notifications.

Select a License from the pull-down menu. Select All licenses or a specific license.

Select a Sensor from the pull-down menu.

Once the notification is properly configured, click the Save button to apply the changes. The Generic HTTP notification configuration summary pop-up is displayed. When you close it, the Generic HTTP notifications list is displayed.