OneView sends notifications when action is required of the end user in the Managed Detection and Response (MDR) Portal. Notifications are also sent when the MDR settings configured in OneView are updated.
When a notification is received, check your MDR portal for next steps. To ensure privacy and security, the email notifications intentionally contain limited information.
A notification called MDR case updated is automatically created for users selected as contacts on the Managed Detection & Response settings page. For more information, see Configure Managed Detection and Response in OneView.
Use the Notifications page in OneView to configure which notifications you want to receive from the MDR portal. For more information, see Set up notifications in OneView.
Recommended setup for OneView MDR notifications
- On the left menu, go to Configure > Notifications.
- To create a new notification, click New notification.
- To edit an existing notification, click on an existing notification name.
- On the General settings step, enter or update the Notification name and Description, then click Next.
- On the Category step, select Managed Services > Case Management and click Next.
- On the Delivery step, select one or more delivery methods and click Next.
  - For Email or Call Webhook:
    - Enter a subject for the Subject line.
    - Select available email recipients in the drop-down menu, or enter custom email recipients to receive notifications.
  - For Slack:
    - Select Slack channels from the drop-down list. These are public channels pulled from your workspace and include private channels if configured in Slack.
  - For Microsoft Teams:
    - Select Teams conversations from the drop-down list. These conversations are pulled from your workspace where the Malwarebytes Notifications app is added.
- On the Content step, toggle Enable aggregation if you want to group multiple alerts into a single notification. If enabled, select your Interval and Grouped by options.
- Select the following fields under Choose content:
  - Case ID, Case Name, Priority, Endpoint, and Case Creation Time
- Click Complete.
Case detail fields
Cases that create notifications use fields to populate content for the notification message. See the table below to view the available fields.
Field | Value |
Account ID | The ID associated with the OneView site or account. |
Case ID | The ID associated with the created case in the MDR portal. |
Case Creation Time | Time the case was created in the MDR portal. |
Case Name | The name given to a case created in the MDR portal. |
Endpoints | Endpoints a case is registered with. |
Priority | Alerts based on priority of the case. |