The Configure > Notifications page in Nebula allows you to choose which notifications you want to receive. For more information, see Set up notifications in Nebula.
For users who are selected as contacts on the Managed Services > Configurations page, a notification called MTH case updated is automatically created. For more information, see Configure Managed Threat Hunting in Nebula.
TIP - These notifications alert the end-user when action is required on a threat analyzed by our Managed Services team. When you receive this notification, check the Managed Services page in Nebula for the next steps. The email notifications intentionally contain limited information to ensure privacy and security.
Recommended setup for Nebula MTH notifications
- On the left menu, go to Configure > Notifications.
- To create a new notification, click New notification.
- To edit an existing notification, click on an existing notification name.
- On the General settings step, enter or update the Notification name and Description, then click Next.
- On the Category step, select Managed services activity > Case Management and click Next.
- On the Delivery step, select a delivery method(s) and click Next.
- For Email or Call Webhook:
- Enter a subject for the Subject line.
- Select available email recipients in the drop down menu, or enter custom email recipients to receive notifications.
- For ThreatDown admin app, you must click Allow notifications in the mobile app under Settings > Notifications.
- For Slack:
- Select Slack channels from the drop-down list. These are public channels pulled from your workspace and include private channels if configured in Slack.
- For Microsoft Teams:
- Select Teams conversations from the drop down list. These conversations are pulled from your workspace where the Malwarebytes Notifications app is added.
- For Email or Call Webhook:
- On the Content step, toggle Enable aggregation, if you want to group multiple alerts into a single notification. If enabled, select an Interval.
- Select the following fields under Choose content.
- Case ID, Case Name, Priority, Endpoints, and Case Creation Time
- Click Complete.
Case detail fields
Cases that create notifications use fields to populate content for the notification message. See the table below to view the available fields.
Field | Value |
Account ID |
The ID associated with the Nebula account. |
Case ID | The ID associated with the created case in the Managed Services page. |
Case Creation Time |
Time the case was created in the Managed Services page. |
Case Name | The name given to a case created in the Managed Services page. |
Endpoints | Endpoints a case is registered with. |
Priority |
Alerts based on priority of the case.
|
Return to Managed Threat Hunting guide for Nebula.