Nebula can notify you when certain events occur, such as when real-time protection or scheduled scans detect threats, or if a new endpoint registers to your console. Use the Notifications settings to choose which alerts you receive. This article explains how to configure email, webhook, Slack, and Microsoft Teams alerts in Nebula.
Super Admins see notifications for all users on this page. Other user roles only see the notifications they own.
For Slack, Microsoft Teams, and ThreatDown Admin App notifications, you must first enable the feature:
- Introduction to Nebula integration with Slack
- Introduction to Nebula integration with Microsoft Teams
- ThreatDown Admin app overview for Nebula
For notification categories and conditions, see the table at the bottom.
Configure notifications
- On the left menu, go to Configure > Notifications.
- Click New notification to set up a new Nebula notification.
- On the General settings step, fill out the information and click Next.
- Notification name: Title for the notification.
- Description: A brief description of the notification.
- Owner: The owner of the notification. This field is automatically set to the logged-in user. Notifications can be modified by any Super Admin or the notification owner. Super Admins can change the notification owner if required.
- On the Category step, select your notification category and click Next.
- On the Conditions step, select your Conditions to filter out unwanted notifications. Click the add or delete button on the right side to add or remove a condition. Click Next once conditions are selected.
- On the Delivery step, select a delivery method(s) and click Next.
- For Email or Call Webhook:
- Enter a subject for the Subject line.
- Select available email recipients in the drop down menu, or enter custom email recipients to receive notifications.
- For ThreatDown admin app, you must click Allow notifications in the mobile app under Settings > Notifications.
- For Slack:
- Select Slack channels from the drop-down list. These are public channels pulled from your workspace and include private channels if configured in Slack.
- For Microsoft Teams:
- Select Teams conversations from the drop down list. These conversations are pulled from your workspace where the Malwarebytes Notifications app is added.
- For Email or Call Webhook:
- On the Content step, toggle Enable aggregation, if you want to group multiple alerts into a single notification. If enabled, select an Interval and view type.
- Summary view: Provides a brief overview of the events found with an attached CSV document containing the full details and a link to view the events directly in the console. If an admin has already acted on the alerts, the information in the console may not match the data in the CSV file.
- Detailed view: Contains the full details of the events in the notification email itself.
- Select tiles based on the desired content you want the notification to contain.
- Click Complete.
Categories and conditions
This table provides details on all available notification categories and conditions in Nebula.
| Category | Condition |
|---|---|
|
Threat activity
|
|
|
User activity
|
|
|
Endpoint agent activity
|
|
Modules and services notifications
- For Vulnerability Assessment customers, see Set up Vulnerability Assessment notifications in Nebula.
- For Patch Management customers, see Set up Patch Management notifications in Nebula.
- For DNS Filtering customers, see Set up DNS Filtering notifications in Nebula.
- For Application Block customers, see Set up Application Block notifications in Nebula.
- For Firewall Management customers, see Set up Firewall Management notifications in Nebula.
- For Email Security customers, see Set up Email Security notifications in Nebula.
- For Identity Threat Detection & Response customers, see Set up Identity Threat Detection & Response notifications in Nebula.
- For Managed Detection and Response customers, see Set up Managed Detection and Response notifications in Nebula.
- For Managed Threat Hunting customers, see Set up Managed Threat Hunting notifications in Nebula.
Reassigning notifications
Only Super Admins and the notification owners can modify or delete a notification. If you need to change ownership of a notification to a different admin, Super Admins can:
- Select the checkbox next to the notifications.
- In the top-left, click Actions.
- Click Reassign.
- Select another Nebula user.
- Click Save.
Disabling notifications
The Global notifications settings button in the top-right allows a Super Admin to instantly suspend all alerts of any particular type for the account. Super admins can use this to quickly prevent specific delivery methods of notifications without having to toggle off each notification manually.
To disable a specific notification without deleting it, simply scroll to the right of the notification and toggle it off.
Deleting notifications
Delete a notification to permanently prevent the alert from triggering:
- Select the checkbox next to the notifications.
- In the top-left, click Actions.
- Click Delete.
- In the confirmation window, click Delete.