Nebula can notify you when certain events occur, such as when real-time protection or scheduled scans detect threats, or if a new endpoint registers to your console. Use the Notifications settings to choose which alerts you receive. This article explains how to configure email, webhook, Slack, and Microsoft Teams alerts in Nebula.
For Slack, Microsoft Teams, and ThreatDown Admin App notifications, you must first enable the feature:
- Introduction to Nebula integration with Slack
- Introduction to Nebula integration with Microsoft Teams
- ThreatDown Admin app overview for Nebula
For notification categories and conditions, see the table at the bottom.
Configure notifications
- On the left menu, go to Configure > Notifications.
- Click New notification to set up a new Nebula notification.
- On the General settings step, enter a Notification name and Description, then click Next.
- On the Category step, select your notification category and click Next.
- On the Conditions step, select your Conditions to filter out unwanted notifications. Click the add or delete button on the right side to add or remove a condition. Click Next once conditions are selected.
- On the Delivery step, select a delivery method(s) and click Next.
- For Email or Call Webhook:
- Enter a subject for the Subject line.
- Select available email recipients in the drop down menu, or enter custom email recipients to receive notifications.
- For ThreatDown admin app, you must click Allow notifications in the mobile app under Settings > Notifications.
- For Slack:
- Select Slack channels from the drop-down list. These are public channels pulled from your workspace and include private channels if configured in Slack.
- For Microsoft Teams:
- Select Teams conversations from the drop down list. These conversations are pulled from your workspace where the Malwarebytes Notifications app is added.
- For Email or Call Webhook:
- On the Content step, toggle Enable aggregation, if you want to group multiple alerts into a single notification. If enabled, select an Interval.
- Select tiles based on the desired content you want the notification to contain.
- Click Complete.
Categories and conditions
This table provides details on all available notification categories and conditions in Nebula.
Category | Condition |
Threat activity
|
|
User activity
|
|
Endpoint agent activity
|
|
Additional notification settings
- For Vulnerability Assessment customers, see Set up Vulnerability Assessment notifications in Nebula.
- For Patch Management customers, see Set up Patch Management notifications in Nebula.
- For DNS Filtering customers, see Set up DNS Filtering notifications in Nebula.
- For Application Block customers, see Set up Application Block notifications in Nebula.
- For Managed Detection and Response customers, see Set up Managed Detection and Response notifications in Nebula.
- For Managed Threat Hunting customers, see Set up Managed Threat Hunting notifications in Nebula.
Disabling notifications
The Global notifications settings button in the top-right allows a Super Admin to instantly suspend all alerts of any particular type for the account. Super admins can use this to quickly prevent specific delivery methods of notifications without having to toggle off each notification manually.