SA Cfg: Define Notification Output Dialogs

Document created by RSA Information Design and Development on Nov 10, 2016. Last modified by RSA Information Design and Development on Feb 6, 2017.
Version 6

This topic describes the notification output dialogs. You configure notification outputs in the Administration > System > Notifications > Output tab. Notification outputs are the destinations to which notifications are sent. For ESA, notifications enable you to define how you want to receive the ESA alerts. Security Analytics supports the following notification types:

  • Email
  • SNMP
  • Syslog
  • Script

Procedures related to notifications are described in Configure Notification Outputs.

To access the Define Notification dialogs:

  1. In the Security Analytics menu, select Administration > System.
  2. In the options panel, select Global Notifications.
  3. On the Output tab, click  and then select a notification output (Email, SNMP, Syslog, or Script)
    The Define Notification dialog is displayed for your selection.

Features

There are four notification dialogs, which allow you to configure notification outputs.

Email

Email notifications enable you to define the destination email address to which the alerts are sent. They also enable you to add a custom description in the subject of the email and to define multiple destination email addresses.

The following figure shows the Define Email Notification dialog.

[Figure: Define Email Notification dialog]

The following table lists the various parameters that you need to define for the email notifications.

                                 
| Parameter | Description |
| --- | --- |
| Enable | Select to enable the notification. |
| Name | A name to identify or label the notification. |
| Description | A brief description about the notification. |
| To Email Addresses | Describes the destination email address to which the alert needs to be sent. Note: You can define multiple email addresses. |
| Subject Template Type | Lists available templates for creating a subject. When you choose a template, the Subject field is automatically filled in with the code for your chosen template. |
| Subject | Custom description about the triggered alert. This information is automatically filled in if you choose one of the predefined templates from the Subject Template Type drop-down menu. Note: To provide a custom subject, please refer to the Include the Default Email Subject Line topic in the System Maintenance Guide. |

SNMP

SNMP notifications enable you to define the SNMP settings to send alert notifications.

The following figure shows the Define SNMP Notification dialog.

[Figure: Define SNMP Notification dialog]

The following table lists the various parameters that you need to define for the SNMP notifications.

                                 
| Parameter | Description |
| --- | --- |
| Enable | Select to enable the notification. |
| Name | A name to identify or label the notification. |
| Description | A brief description about the notification. |
| Trap OID | The object ID for the SNMP trap on the trap host that receives the event. The default value is 1.3.6.1.4.1.36807.1.20.1. This value is a hierarchical name that represents the system that generates the trap. 1.3.6.1.4.1 is the common prefix for all enterprises and 36807.1.20.1 identifies Security Analytics. |
| Message OID | The message object identifier for the SNMP trap. |
| Variables | Additional information that should be included within the trap. Each variable is a name-value pair. |

Syslog

Syslog notifications enable you to define the Syslog settings to send alert notifications.

The following figure shows the Define Syslog Notification dialog.

[Figure: Define Syslog Notification dialog]

The following table lists the various parameters that you need to define for the Syslog notifications.

                                             
| Parameter | Description |
| --- | --- |
| Enable | Select to enable the notification. |
| Name | A name to identify or label the notification. |
| Description | A brief description about the notification. |
| Severity | Defines the severity of the alert. |
| Encoding | Defines the encoding format. In environments where no regular character sets are used (for example, Japanese characters), this field helps you select the right encoding of the characters. |
| Max Length | The maximum length of a Syslog message in bytes. The default value is 2048. Messages that exceed the maximum length are truncated when the Truncate overly large syslog messages checkbox is selected, which is found in Administration > System > Legacy Notifications. Legacy Notifications Configuration Panel provides additional information. |
| Include Local Timestamp | Select to include the local timestamp in messages. |
| Include Local Hostname | Select to include the local hostname in Syslog messages. |
| Identity String | An identity string to be prefixed to each Syslog alert. If the string is blank, no identity string is prefixed to the outgoing Syslog alerts. You can use this to identify the alerts from ESA. |
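
Because Max Length is counted in bytes while the Encoding setting decides how many bytes each character takes, the same alert text can fit under one encoding and be truncated under another. The following Python sketch is an added example, not code from Security Analytics. It sizes a constructed alert under two encodings and cuts it to the limit without splitting a multi-byte character. The message layout, the facility value, the host name and the sample alert body are assumptions for illustration.

```python
from datetime import datetime

DEFAULT_MAX_LENGTH = 2048  # bytes; the default Max Length listed in the table


def build_message(body, identity="", hostname="", timestamp=None,
                  severity=4, facility=1):
    """Assemble an RFC 3164-style line. Field order and the facility value
    are assumptions for illustration, not the product's documented format."""
    parts = []
    if timestamp is not None:          # "Include Local Timestamp"
        parts.append(timestamp.strftime("%b %d %H:%M:%S"))
    if hostname:                       # "Include Local Hostname"
        parts.append(hostname)
    if identity:                       # "Identity String" prefix
        parts.append(identity + ":")
    parts.append(body)
    return "<%d>%s" % (facility * 8 + severity, " ".join(parts))


def truncate_to_bytes(message, encoding="utf-8", max_length=DEFAULT_MAX_LENGTH):
    """Encode, then cut to max_length bytes without splitting a character.
    Returns (payload, was_truncated)."""
    raw = message.encode(encoding)
    if len(raw) <= max_length:
        return raw, False
    # Decoding the cut prefix with errors="ignore" drops a trailing partial
    # multi-byte character, so the receiver never sees a broken sequence.
    safe = raw[:max_length].decode(encoding, errors="ignore").encode(encoding)
    return safe, True


def encoded_sizes(message, encodings=("utf-8", "shift_jis")):
    """Byte length of the same text under each candidate Encoding value."""
    return {enc: len(message.encode(enc)) for enc in encodings}


if __name__ == "__main__":
    # Constructed sample alert body with Japanese text.
    body = "ログイン失敗 user=admin src=192.0.2.10 " + "詳細" * 400
    msg = build_message(body, identity="ESA", hostname="sa-host",
                        timestamp=datetime(2017, 2, 6, 12, 0, 0))
    print(len(msg), encoded_sizes(msg))
    payload, cut = truncate_to_bytes(msg)
    print(len(payload), cut)
```

A receiver that parses fields from the end of the alert should treat a message at or near the configured Max Length as possibly incomplete.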

Script

Script notifications enable you to define the Script that executes in response to the alert. You can use any script for ESA notifications.

The following figure shows the Define Script Notification dialog.

[Figure: Define Script Notification dialog]

The following table lists the various parameters that you need to define for the Script notifications.

                         
| Parameter | Description |
| --- | --- |
| Enable | Select to enable the notification. |
| Name | A name to identify or label the notification. |
| Description | A brief description about the notification. |
| Script | Defines the script. |