Set up and manage your endpoint security alert notifications and watchlist.

Important
  • Endpoint Security Policies (unified assignment) is a "Pre-release" feature and is not considered an official release. Please review the pre-release disclaimer before using the feature.
  • This feature is not available in all regions.
  • The steps in this article configure both the alerts that appear in Endpoint Alerts and the alert notifications sent to recipients in your organization.
The Endpoint security alerts notification settings manage both the alerts sent to your recipients and the alerts displayed in Endpoint Alerts. For more information about Endpoint Alerts, see Endpoint Alerts.
Endpoint Alerts requires enabling and setting up Endpoint security alerts in Notifications. At least one recipient is required to set up the alert feature. Once configured, any Trend Vision One user in your company with permission to view Endpoint Alerts can see the alerts on your watchlist.

Procedure

  1. In the Trend Vision One console, go to Administration > Notifications > Alerts.
  2. Click Endpoint security alerts.
    The Alert settings appear.
  3. To enable notifications, click On.
    Important
    You must enable notifications to start sending alerts to Endpoint Alerts.
  4. Configure the Endpoint alert watchlist.
    1. Click Configure watchlist.
    2. In the Endpoint Security alerts screen, select the alerts you want to monitor in the Available security alerts list and click the selector icon to add them to the watchlist.
    3. To remove alerts from the watchlist, select the alerts in the Selected alerts list you do not want to monitor and click the remover icon.
    4. Once you have configured the Selected alerts you want to monitor, click Apply.
      Important
      The watchlist applies to all Trend Vision One users who have permission to view Endpoint Alerts. Users cannot individually customize the watchlist for their own view.
      Clicking Apply does not save your settings. You must click Save in the Alert settings.
  5. Specify the Frequency of notifications.
  6. To automatically dismiss alerts in Endpoint Alerts, select If still active after 3 days.
  7. Configure the recipients for the notification.
    Note
    Recently created Trend Vision One accounts might not immediately appear as an available recipient.
    To configure a recipient group, click Settings > Recipient group list in the main Notifications list view.
    1. To send notifications by email, click the Email tab and specify email addresses, Trend Vision One accounts, or email groups to receive the notification.
      To send a test email, click Send test message. You can specify whether to Send only to newly added recipients or Send to all recipients.
    2. To send notifications by webhook, click the Webhook tab and specify which webhooks or webhook groups receive the notification.
      If your webhook is not listed, create a new webhook connection by managing webhooks in the Webhook List.
    3. To send notifications to users by the Trend Vision One mobile app, click the Mobile tab and specify the Trend Vision One user accounts or mobile groups to receive the notification.
      To send an installation link for the mobile app, click Send Mobile App Installation Link. You can specify whether to Send only to newly added accounts or Send to all accounts.
  8. To control which notifications are sent to your recipients, configure recipient groups to receive notifications based on the type and severity of endpoint alerts.
    Note
    The following steps apply to each notification type. Repeat the steps as needed to configure your email, webhook, and mobile notification settings.
    Recipients or webhooks not added to a group receive all notifications by default.
    1. For email and mobile users, enable Notify recipients based on endpoint alert.
    2. For webhooks, enable Send webhook notifications based on endpoint alert.
    3. For each notification method, click Select group.
    4. Select a Group name.
    5. Select the Endpoint alerts to send notifications for.
    6. Select one or more Alert severity levels to send notifications for.
      Recipients only receive alerts for the selected alert severity. If you only select Low, the group does not receive higher severity alerts, and does not receive Informational alerts. You can select the following severity levels:
      • Critical
      • High
      • Medium
      • Low
      • Informational
    7. Click Save.
  9. Once you have configured the notification methods you want to use, click Save.