CLOUD SOLUTIONS

Notification types

This is the list of available notifications types:

  • Malware Outbreak

    This notification is sent to the users that have at least 5% of all their managed network objects infected by the same malware.

    You can configure the malware outbreak threshold according to your needs in the Notifications Settings window. For more information, refer to Configuring Notification Settings.

  • License Expires

    A notification is sent 90, 30, 7 days, and also one day before the license expires. The notifications will include company information, product name, the expired license keys and useful URLs.

    Note

    You must have Manage Company right to view this notification.

  • License Usage Limit Has Been Reached or Exceeded

    This notification is sent when all of the available licenses have been used. In case the number of installations exceeds the license limit, the notification shows the unlicensed endpoints within the past 24 hours.

    Note

    You must have Manage Company right to view this notification.

  • License Limit Is About To Be Reached

    This notification is sent when 90% of the available licenses have been used.

    Note

    You must have Manage Company right to view this notification.

  • Servers License Usage Limit Has Been Reached

    This notification is sent when the number of protected servers reaches the limit specified on your license key.

    Note

    You must have Manage Company right to view this notification.

  • Servers License Limit is About to Be Reached

    This notification is sent when 90% of the available license seats for servers have been used.

    Note

    You must have Manage Company right to view this notification.

  • Exchange License Usage Limit Has Been Reached

    This notification is triggered each time the number of protected mailboxes from your Exchange servers reaches the limit specified on your license key.

  • Invalid Exchange user credentials

    This notification is sent when an on-demand scan task could not start on the target Exchange server due to invalid Exchange user credentials.

  • Advanced Anti-Exploit

    This notification informs you when Advanced Anti-Exploit has detected exploit attempts in your network.

  • Antiphishing event

    This notification informs you each time the endpoint agent blocks a known phishing web page from being accessed. This notification also provides details such as the endpoint that attempted to access the unsafe website (name and IP), installed agent or blocked URL.

    This notification informs you each time the endpoint agent detects a known phishing web page.

  • Firewall event

    With this notification you are informed each time the firewall module of an installed agent has blocked a port scan or an application from accessing the network, according to applied policy.

  • ATC/IDS event

    This notification is sent each time a potentially dangerous application is detected and blocked on an endpoint in your network. You will find details about the application type, name and path as well as the parent process ID and path and the command line that started the process, if the case.

    This notification is sent each time a potentially dangerous application is detected on an endpoint in your network. You will find details about the application type, name, and path as well as the parent process ID and path and the command line that started the process if the case.

  • User Control event

    This notification is triggered each time a user activity such as web browsing or software application is blocked by the endpoint client according to applied policy.

    Note

    User Control event notifications cannot be sent through email. Due to performance reasons, these notifications can only be sent via API to a SIEM platform.

  • Product Modules event

    This notification is sent each time a security module of an installed agent gets enabled or disabled.

    Syslog format availability: JSON, CEF

  • Security Server Status event

    This type of notification provides information about the status changes of a certain Security Server installed in your network. The Security Server status changes refer to the following events: powered off / powered on, product update, security content update and reboot required.

  • Overloaded Security Server event

    This notification is sent when the scan load on a Security Server in your network exceeds the defined threshold.

  • Product Registration event

    This notification informs you when the registration status of an agent installed in your network has changed.

  • Amazon EC2 Licensing event

    This notification informs you that your Amazon EC2 subscription has been successfully activated.

  • Amazon EC2 Trial Expires in 7 Days

    This notification informs you that your Amazon EC2 trial subscription will expire in 7 days.

  • Amazon EC2 Trial Expires Tomorrow

    This notification is sent one day before the expiration of your Amazon EC2 trial subscription.

  • Authentication Audit

    This notification informs you when another GravityZone account from your company, except your own, was used to log in to Control Center from an unrecognized device. If you select the Receive notification for child companies check box, notifications will be sent also for GravityZone accounts belonging to your managed companies.

    This notification informs you when another GravityZone account, except your own, was used to log in to Control Center from an unrecognized device.

  • Login from New Device

    This notification informs you that your GravityZone account was used to log in to Control Center from a device you have not used for this purpose before. The notification is automatically configured to be visible both in Control Center and on email and you can only view it.

  • Task Status

    This notification informs you either each time a task status changes, or only when a task finishes, according to your preferences.

    You can also receive this notification for scanning tasks triggered through NTSA.

  • Outdated Update Server

    This notification is sent when an Update Serverr in your network has outdated security content.

  • Network Incidents event

    This notification is sent each time the Network Attack Defense module detects an attack attempt on your network. This notification also informs you if the attack attempt was conducted either from outside the network or from a compromised endpoint inside the network. Other details include data about the endpoint, attack technique, attacker’s IP, and the action taken by Network Attack Defense.

  • Sandbox Analyzer Detection

    This notification alerts you every time Sandbox Analyzer detects a new threat among the submitted samples. You are presented with details such as company name, hostname or IP of the endpoint, time and date of the detection, threat type, path, name, size of the files and the remediation action taken on each one.

    Note

    You will not receive notifications for clean analyzed samples. Information on samples submitted by your company is available in the Sandbox Analyzer Results (Deprecated) report. Information on samples submitted by your company is also available in the Sandbox Analyzer section, in the main menu of Control Center.

  • HyperDetect Activity

    This notification informs you when HyperDetect finds any antimalware or unblocked events in the network. This notification is sent for each HyperDetect event and provides the following details:

    • Affected endpoint information (name, IP, installed agent)

    • Malware type and name

    • Infected file path. For file-less attacks it is provided the name of the executable used in the attack.

    • Infection status

    • The SHA256 hash of the malware executable

    • The type of the intended attack (targeted attack, grayware, exploits, ransomware, suspicious files and network traffic)

    • Detection level (Permissive, Normal, Aggressive)

    • Detection time and date

    You can view details about the infection and further investigate the issues by generating a HyperDetect Activity report right from the Notifications page. To do so:

    1. In Control Center, click the notifications.png Notification button to display the Notification Area.

    2. Click the Show more link at the end of the notification to open the Notifications page.

    3. Click the View report button in the notification details. This opens the report configuration window.

    4. Configure the report if needed. For more information, refer to Creating Reports.

    5. Click Generate.

    Note

    To avoid spamming, you will receive maximum one notification per hour.

  • Active Directory Integration Issue

    This notification informs you of issues that affect the synchronization with Active Directory.

  • Missing Patch Issue

    This notification occurs when endpoints in your network are missing one or more available patches.

    GravityZone automatically sends a notification containing all findings within the last 24 hours to the notification date. The notification is sent to all your user accounts.

    You can view which endpoints are in this situation by clicking the View report button in notification details.

    By default, the notification refers to security patches, but you may configure it to inform you of non-security patches as well.

  • New Incident

    This notification informs you when a new incident occurs. Once enabled, the notification is generated every time a new incident is displayed under the Incidents section of Control Center.

  • Ransomware detection

    This notification informs you when GravityZone detects a ransomware attack within your network. You are provided with details regarding the targeted endpoint, the user that was logged in, the source of the attack, the number of encrypted files, and the time and date of the attack.

    At the time you receive the notification the attack is already blocked.

    The link in the notification will redirect you to the Ransomware Activity page, where you can view the list of encrypted files and restore them if needed.

  • Storage Antimalware

    This notification is sent when malware is detected on an ICAP-compliant storage device. This notification is created for each malware detection, providing details about the infected storage device (name, IP, type), detected malware and detection time.

  • Troubleshooting activity

    This notification informs you when a troubleshooting event in your network ends. You can view details about the event type and status, the troubleshooting target, the storage location where you can find the logs archive, and others.

  • Security Container Status Update

    The notification informs you when the product update status changes for a Security Container installed in your network.

  • Password Expiration Enabled

    This notification informs you when the password expiration is enabled on your account.

  • Password Expiration Reminder

    This notification is sent daily, starting 10 days before your GravityZone password expires, to remind you that you need to change it.

    To quickly update the password, click the My Account button from the notification in Control Center.

  • Account Lockout Enabled

    This notification informs you when the account lockout is enabled on your account.

  • Account Locked Out

    This notification is sent via email to inform you that your account was locked out due to repeated login attempts with invalid passwords.