Skip to main content

Set up Managed Threat Hunting notifications in OneView

Updated: 

The Configure > Notifications page in OneView allows admins to choose which notifications to receive. For more information, see Set up notifications in OneView.

For users who are selected as contacts in the Managed Threat Hunting settings, a notification called MTH case updated is automatically created. For more information, see Configure Managed Threat Hunting in OneView.

TIP - These notifications alert the end-user when action is required on a threat analyzed by our Managed Services team. When you receive this notification, check the Managed Services page in OneView for the next steps. The email notifications intentionally contain limited information to ensure privacy and security.

Recommended setup for OneView MTH notifications

  1. On the left menu, go to Configure Notifications.
    • To create a new notification, click New notification
    • To edit an existing notification, click on an existing notification name.
  2. On the General settings step, enter or update the Notification name and Description, then click Next.
  3. On the Category step, select Managed Services > Case Management and click Next.
  4. On the Conditions page, specify or select all sites to receive notifications from and select any conditions to filter out unwanted notifications, then click Next.
  5. On the Delivery step, select a delivery method(s) and click Next.
    • For Email or Call Webhook:
      1. Enter a subject for the Subject line.
      2. Select available email recipients in the drop down menu, or enter custom email recipients to receive notifications.
    • For Slack:
      • Select Slack channels from the drop-down list. These are public channels pulled from your workspace and include private channels if configured in Slack.
    • For Microsoft Teams:
      • Select Teams conversations from the drop down list. These conversations are pulled from your workspace where the Malwarebytes Notifications app is added.
  6. On the Content step, toggle Enable aggregation, if you want to group multiple alerts into a single notification. If enabled, select your Interval and Grouped by options. 
  7. Select the following fields under Choose content
    • Case IDCase NamePriorityEndpoints, and Case Creation Time
  8. Click Complete

Case detail fields

Cases that create notifications use fields to populate content for the notification message. See the table below to view the available fields. 

Field Value
Account ID The ID associated with the OneView site or account. 
Case ID The ID associated with the created case in the MTH portal. 
Case Creation Time

Time the case was created in the MTH portal.
Case Name The name given to a case created in the MTH portal
Endpoints Endpoints a case is registered with. 
Priority

Alerts based on priority of the case.

  • All
  • Critical
  • High
  • Medium
  • Low

 

Return to Managed Threat Hunting.

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more