Notifications keep you informed about what's happening in your environment. For example, you can receive alerts about threats detected on your devices or when the endpoint agent is uninstalled from a device. We provide each Nebula user with 6 types of notifications. These default and other notifications can be viewed and added on the Configure > Notifications page. Learn about these default notifications and which ones we recommend adding.
The default notifications alert you about the following events:
- Detections Found and Cleaned: Threat found or removed by a scheduled or on-demand scan.
- High Severity Suspicious Activity: Suspicious activity with a high severity detected on an endpoint. Suspicious Activity Monitoring is a feature of Endpoint Detection and Response.
- Nebula User Deleted: User deleted from Nebula.
- Nebula User Invited: User invited to Nebula.
- Nebula User Verified: User accepted the invitation email to Nebula.
- Real-Time Protection: Threat blocked by real-time protection. This is disabled by default due to the volume of alerts it produces.
Notifications are unique to each user, so modifying or adding notifications does not affect other users. We recommend creating notifications to alert you when the endpoint agent is installed on or removed from a device. This helps you keep track of your installs and lets you know if any of your devices are unprotected.
- Endpoint registered: This notification alerts you when a new endpoint is added to Nebula. If the endpoint agent installer was shared with your users, use this notification to see when they complete the installation. This also alerts you if the endpoint agent is installed on an unauthorized device, such as a personal device.
- Endpoint deleted: Use this notification to find out if users are removing the endpoint agent without your permission.
For steps on creating notifications, see Set up notifications in Nebula.