Manage Notifications


Use the Notifications tab to review all the notifications you create, and to add, edit, and test specific notification rules. Notifications enable you to create alert actions performed when specific events or triggers take place in ExtremeCloud IQ Site Engine. Notification actions include sending an email, creating a syslog entry, sending an SNMP trap, and launching a custom program or script.

To access this window, expand Access Control > Configuration in the left panel and select Notifications.

Notifications Table Buttons

Use these buttons to add, edit, delete, or test a notification.

Add
Select to open the Add Notification window, where you can define a new notification rule.
Edit
Select to open the Edit Notification window, where you can edit notification rule actions for selected notification(s).
Delete
Select to delete the notification(s) selected in the table.
Configuration
Use the configuration menu button to create default SIEM Notifications or change the default SIEM server:

Create Default SIEM Notifications - Creates five default notifications that enable the notification feature to integrate with SIEM (Security Information and Event Manager) by sending syslog messages to your SIEM server. The notifications are based on the following conditions and triggers:
  • Any Registration event
  • Any Health Result
  • End-System events:
    • End-system added
    • End-system moved
    • End-system state changed

The generated syslog messages include the following information:

  • IP address
  • MAC address
  • Username
  • Switch IP address
  • Switch port
  • Hostname
  • Operating system
  • State
  • Extended State
  • Reason
  • NAC Appliance

Change Default SIEM Server - Use this option to change the default SIEM server IP address used when you generate new default SIEM notifications. The specified default SIEM server only applies to newly generated notifications; manually edit previously generated notifications to change the server.

Notifications Table

The following columns are included in the Notifications Table:

Enabled
The checkbox indicates whether the notification is enabled. When a notification is enabled, the defined action takes place when the trigger occurs and the conditions are met.
Name
The name of the notification.
Type
The notification type defines the source of the event triggering the notification: End-System Group, End-System, User Group, Health Result, or Registration.
Trigger
The trigger determines when a notification action occurs, based on filtering for a specific event.
Action
The actions that take place when a notification is triggered.
Override Content
Specifies whether Override Content is enabled or disabled for the notification.
Notes
A short description of the notification rule. This description is created when a new notification is added.

Enable Default Notifications

ExtremeControl includes four default notifications you can enable and edit. To enable a default notification, perform the following steps:

  1. Select the notification in the table and select the Edit button to open the Edit Notification window.
  2. Use the Edit Email Lists button and change the default address to an address specific to your network.
    Default notifications are configured to send an email to this address.
  3. Configure the SMTP E-Mail Server option in the SMTP Email Options to identify the SMTP email server used for outgoing messages generated by the Notification feature.
  4. Select the Enable Notification check box and then select OK in the Edit Notification Action window.
    The default notification is now enabled in the Manage Notifications window.

The following examples show how notifications can be used to alert you of changes or events in your network:

  • Send an email to the Helpdesk when an end-system changes location, for example, if it moves from a wired connection in a building to a wireless connection outside.
  • Send a trap if an end-system fails registration.
  • Send a syslog message if an end-system reports a high risk assessment result.
  • Send an email if an end-system that is reported as a stolen laptop authenticates on the network.
  • Send an email if someone logs into the network after normal work hours.
  • Send an email when an end-system is added or removed from an end-system group, such as the blocked list end-system group or another defined end-system group.
  • Send an email when a user is added or removed from a user group, such as an Administrator or Help Desk user group.

