You can customize the Slack or email message of the notification sent to end-users with the alerts.
Learn how to configure Nightfall for Github to receive alerts as Jira tickets.
Nightfall for Github is integrated with Jira, and it enables you to receive an alert as a Jira ticket. You can configure to receive alerts as Jira tickets, and assign them to project.
Note: You must have an active Jira instance for this feature to work.
To configure Jira tickets
Click Jira Ticket.
Select a Project and Issue Type. Enter any comments if required.
Click Save Changes.
Nightfall sends alerts whenever a violation is reported. To send the alert notification to a Slack channel,
Enter the Slack channel name and Click Save.
You can learn more about the metadata that is sent with alerts in slack channel here.
The table below describes the metadata that is captured in each alert:
Slack
Webhook
Findings
Where
Findings
Where
Detection rule link
Detection rule violated
Permalink
violation link
Fields - Field name
Project - Project name
Project type
When
Timestamp
Detection rules
Policies violated
Who
User name
Link to the violations dashboard in console
Event - Created, Edited
Finding snippets
Remediation actions
Fields - Field name
Project - Project name
Project type
When
Timestamp
Detection rules
Policies violated
Who
User name
Event - Created, Edited
Finding snippets
No remediation actions
Violation time
Integration metadata
Findings
Nightfall sends alerts whenever a violation is reported. To send the alert notification to an email, enter the email address.
Click Save.
If you are managing your security workflow in a tool other than Slack, you can configure to receive alerts there through a webhook integration. Webhook alerts enable you to funnel Nightfall alerts to a SIEM, which enables logging to ensure compliance.
To configure alerts to a webhook,
Click Change. A pop-up displays.
Enter the destination URL of your SIEM or HTTP even collector.
Click Save.
Learn how to configure alerts for different channels.
Nightfall sends alerts in real time to the channels or platforms you configure. You can configure the following alerts:
To configure alerts,
Click Edit in Settings.
Supported.
Alert messages are sent each time an action is taken on a violation.
Alert channels can only be from within the same Slack workspace.
Cannot reuse alert channels across different integrations.
Cannot select existing channels for alerts.
Supported.
Individual emails are sent for each alert and for each action taken on a violation.
Can initiate remediation actions via email alerts.
Supported.