Notifications page
VMware NSX Network Detection and Response can send notifications to various third-party systems. Configure the required connections and triggers on the tabs of the Notifications page:
- Email notifications tab — Configure email notifications for system appliances.
- Generic HTTP notification tab — Configure an HTTP/HTTPS POST notification.
- Reports tab — Configure and view reports that provide an overview of detections.
- Streaming API tab — Configure a notification stream.
- Syslog tab — Configure a SIEM appliance and/or syslog server to receive notifications.
- TippingPoint tab — Configure sending notifications to a TippingPoint Security Management System (SMS).
About notification triggers
Notifications can be triggered by different classes of events.
When configuring a notification, you must specify which trigger(s) will enable notifications. Each trigger can have customized settings. When the notification is first created, a default list of triggers will be selected with default settings.
A notification will have one or more trigger groups. A trigger group is a list of triggers.
Each row that is highlighted blue is an enabled trigger. Click to toggle the trigger to disabled. Click to modify the trigger parameters.
The entire trigger group can be toggled by clicking the Enabled button in the trigger group header. This collapses the trigger group and sets all the now hidden triggers to disabled. You cannot save the notification if it has only one trigger group and you have disabled it.
Modify trigger parameters
To modify a trigger, update the following:
- Min interval: The minimum amount of time between notifications. Select Minutes (the default) or Hours.
- Threshold: The minimum impact level which will trigger the notification. The impact level range is 30 to 100. Any event with an impact level below 30 is considered benign and will not trigger a notification.
- Max Daily: Maximum number of notifications that can be triggered over a 24-hour period.
When you are done, click the Update trigger button. The parameters are saved and the pop-up dismissed.
Click Reset to return the trigger to the previously saved parameters.
Click Defaults to reset the trigger parameters to default values.
Click Cancel to dismiss the pop-up without saving any changes.
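The following added example (not VMware code, and not the product's implementation) models how the three trigger parameters could interact, so you can dry-run candidate settings against past events and see which high-impact events a rate limit would suppress. The function name `simulate_trigger`, the rolling 24-hour window, measuring Min interval from the last sent notification, and the order of the checks are all assumptions; the sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

BENIGN_BELOW = 30  # page: impact below 30 is benign and never notifies


def simulate_trigger(events, threshold, min_interval, max_daily):
    """Return (sent, suppressed) for (timestamp, impact) events (assumed model)."""
    if not BENIGN_BELOW <= threshold <= 100:
        raise ValueError("Threshold must be within the 30 to 100 impact range")
    sent, suppressed = [], []
    window = deque()  # send times in the last 24 hours (assumed rolling window)
    last_sent = None
    for ts, impact in sorted(events):
        while window and ts - window[0] >= timedelta(hours=24):
            window.popleft()
        if impact < threshold:
            reason = "below threshold"
        elif last_sent is not None and ts - last_sent < min_interval:
            reason = "min interval"
        elif len(window) >= max_daily:
            reason = "max daily"
        else:
            sent.append((ts, impact))
            window.append(ts)
            last_sent = ts
            continue
        suppressed.append((ts, impact, reason))
    return sent, suppressed


# Constructed sample events: (timestamp, impact level)
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    (T0, 25),                                   # benign, never notifies
    (T0 + timedelta(minutes=1), 70),            # sent
    (T0 + timedelta(minutes=5), 90),            # suppressed by Min interval
    (T0 + timedelta(minutes=20), 45),           # below the Threshold of 50
    (T0 + timedelta(minutes=40), 80),           # sent
    (T0 + timedelta(hours=2), 95),              # suppressed by Max Daily of 2
    (T0 + timedelta(hours=25, minutes=2), 60),  # sent: earlier sends aged out
]

if __name__ == "__main__":
    sent, suppressed = simulate_trigger(
        SAMPLE_EVENTS, threshold=50, min_interval=timedelta(minutes=30), max_daily=2)
    print(f"sent={len(sent)} suppressed={len(suppressed)}")
    for ts, impact, reason in suppressed:
        print(f"  {ts:%d %H:%M} impact={impact} dropped: {reason}")
```

In this constructed run the impact 90 and 95 events produce no notification, which is the case to check for when tightening Min interval or Max Daily.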
Sensor group notifications
All members of a sensor group belong to the same license. The recommended method is to apply the notification parameters to the license. Alternatively, you must individually configure the notification parameters for each sensor in the sensor group. Using a sensor group to configure notifications for a set of sensors is not supported (see About sensor groups).
- Notifications for network events are sent from the individual sensors. For an On-Premises installation, you can configure notifications to be sent from the manager.
- Notifications for the campaigns are sent from the main sensor for the sensor group.
- There are no separate notifications for incidents.
Under certain circumstances, campaign notifications may not work correctly:
- If notifications are sent from the sensors
- The sensors belong to a sensor group
- The group identifier is tied to a virtual sensor or to a sensor that is currently not running
The workaround is to ensure the group identifier source is an existing physical sensor.