Skip to main content

Set up notifications in Nebula

Nebula can notify you when certain events occur, such as when real-time protection or scheduled scans detect threats, or if a new endpoint registers to your console. Use the Notifications settings to choose which notifications you want to receive. This article explains how to configure email, webhook, and Slack notifications in Nebula.

For Slack notifications, you must enable this feature. See Nebula integration with Slack guide.

For notification categories and conditions, see the table at the bottom. 

Configure notifications

  1. On the left menu, go to Configure > Notifications.
  2. Click New to set up a new Nebula notification. 
  3. On the General page, enter your Notification name and Description.
  4. Click Next
  5. On the Category page, select your notification category and click Next.  
  6. On the Conditions page, select your Conditions. Click the add or delete button on the right side to add or remove a condition.
    Capture3.PNG
  7. Click Next once conditions are selected.
  8. On the Delivery page, click Enable digesting, if you want to group multiple alerts into a single notification. If enabled select your Interval and Grouped by options. 
  9. Select EmailCall Webhook, or Slack for your notification delivery method.
    • For Email or Call Webhook:
      1. Enter in a subject for the Subject line.
      2. Select available email recipients in the drop down menu, or enter in custom email recipients to receive notifications.
    • For Slack if enabled: 
      1. Select Slack channels from the drop down list. These are public channels pulled from your workspace. 
    • For Slack if disabled: 
      1. Click Add to Slack
      2. If you are signed in to your Slack workspace, click Allow to complete
      3. If you are not signed in to your Slack workspace, follow the steps below: 
        1. Enter your Slack workspace name. 
        2. Click Continue
        3. On the popup screen, click Sign in with SSO or I have a guest account to sign in with your Slack email and password. 
        4. Once signed in, click Allow
      4. Select Slack channels from the drop down list. These are channels pulled from your workspace. 
  10. Select tiles based on the desired content you want the notification to contain. 
    Capture__1_.PNG
  11. Click Complete.

Categories and conditions

This table provides details on all available notification categories and conditions in Nebula.

Category Condition

Threat activity

  • Suspicious activity: Notifies you of suspicious activity detections in the console.
  • Detections: Notifies you of real-time protection or scheduled scan detections.
  • Scheduled or on-demand scans: Notifies you of actions performed on detections in scans.
  • Device Control: Notifies you of actions taken on drives connected via USB.
  • Suspicious activity
    • Severity level: All, Low, Medium, High
    • Operating system: All, Windows, Mac, Linux
    • Threat name
  • Detections
    • Detection type: All, Malware, PUP, PUM, Exploit, Ransomware, Website, Remote Intrusion
    • Real-time protection: True, False
    • Action taken: All, Blocked, Found, Quarantined, Deleted, Restored
    • Operating system: All, Windows, Mac, Linux
    • Threat name
  • Scheduled or on-demand scans
    • Action: All, Found, Cleaned
  • Device Control
    • Action taken: All, Blocked, Read-only
    • Operating System: All, Windows, Mac
    • Device name
    • Manufacturer

User activity

  • User added: Notifies you when a new user is added. 
  • User deleted: Notifies you when a user is deleted. 
  • User verified: Notifies you when a user verifies their account. 

 

Endpoint agent activity

  • Command update: Notifies you when commands are issued to endpoints.
  • Software update: Notifies you when a update command is issued to endpoints.
  • Endpoint registered: Notifies you when an endpoint is registered. 
  • Endpoint deleted: Notifies you when an endpoint is deleted from Nebula. 
  • Command update
    • Status: All, Created, Sent, Received, Started, Timed out, Completed, Expired, Failed
  • Software update
    • Status: All, Completed, Failed
  • Endpoint deleted
    • Timeout: Yes, No

Additional information

 

Return to the Malwarebytes Nebula Administrator Guide.

Related articles