Malwarebytes OneView can notify you when events occur, such as when a vulnerability is found on an endpoint. Use the Notifications settings to choose which vulnerability alerts you want to receive. This keeps your administrators up to date on detected software vulnerabilities on endpoints.
Set up vulnerability notifications
To begin creating vulnerability notifications:
- Log in to Malwarebytes OneView.
- On the left menu, expand Settings, then click Notifications.
- Click Add notification to set up a new OneView notification.
- On the General page, enter your Notification name and Description.
- Click Next.
- On the Category page, select Endpoint agent activity, then Vulnerability status and click Next.
- On the Conditions page, select your Sites and Conditions. Click the add or delete button on the right side to add or remove a condition. See the Conditions table below for more information.
- Click Next once conditions are selected.
- On the Delivery page, click Enable aggregation if you want to group multiple alerts into a single notification. If enabled, select your Interval and Grouped by options.
- Select Email or Call Webhook for your notification delivery method.
- Enter a notification subject in the Subject line, or enter your Webhook URL.
- Select available email recipients in the drop-down menu, or enter additional email recipients to receive notifications.
Note: Selected recipients will receive notifications for all sites added on the Conditions page, even if the user is not assigned to the site in OneView.
- Select notification tiles based on the content you want the email or call webhook notification to contain. See the Delivery table below for more information.
- Click Complete to finish setting up the notification.
Conditions
The following conditions and values are available:
Conditions | Operations | Values | Description |
CISA recommended | | | |
Severity | | Set vulnerability notifications based on the following severity levels: | Severity is set using the CVSS standard. For more information on severity, see Manage vulnerabilities in Malwarebytes OneView. |
Product/Application name | | Examples: | Enter a product or application name to receive vulnerability notifications about. Note: Verify products and application names on the Vulnerabilities page to ensure correct format. |
Vendor | | Examples: | Enter a vendor name to receive vulnerability notifications about. Note: Verify vendor names on the Vulnerabilities page to ensure correct format. |
Operating system | | | Select the operating systems to receive vulnerability notifications about. |
Delivery
Notification tiles provide you with endpoint system details, software information, and vulnerability reports when selected. The following notification tiles are available:
Column | Description |
CISA recommended | |
Vulnerability Identified date | Date the vulnerability was detected on the endpoint. |
CVE ID | |
Endpoint name | Host name of the vulnerable endpoint. |
OS platform | Operating system type of the endpoint. |
OS version | Operating system version number of the endpoint. |
Application name | Detected application name with the vulnerability. |
Severity | Severity level of the detected vulnerability. Severity levels are: |
Vendor name | Vendor name of the installed software which is vulnerable. |