Manage Notifications
Use the Notifications tab to review all the notifications you create, and to add, edit, and test specific notification rules. Notifications let you define alert actions that are performed when specific events or triggers take place in ExtremeCloud IQ Site Engine. Notification actions include sending an email, creating a syslog entry, sending an SNMP trap, and launching a custom program or script.
To access this window, expand Access Control > Configuration in the left panel and select Notifications.
Notifications Table Buttons
Use these buttons to add, edit, delete, or test a notification.
- Edit
- Select to open the Edit Notification window, where you can edit notification rule actions for selected notification(s).
- Configuration
- Use the configuration menu button to create default SIEM Notifications or change the default SIEM server:
  - Create Default SIEM Notifications - Creates five default notifications that enable the notification feature to integrate with SIEM (Security Information and Event Manager) by sending syslog messages to your SIEM server. The notifications are based on the following conditions and triggers:
    - Any Registration event
    - Any Health Result
    - End-System events:
      - End-system added
      - End-system moved
      - End-system state changed
    The generated syslog messages include the following information:
    - IP address
    - MAC address
    - Username
    - Switch IP address
    - Switch port
    - Hostname
    - Operating system
    - State
    - Extended State
    - Reason
    - NAC Appliance
  - Change Default SIEM Server - Use this option to change the default SIEM server IP address used when you generate new default SIEM notifications. The specified default SIEM server only applies to newly generated notifications; manually edit previously generated notifications to change the server.
Notifications Table
The following columns are included in the Notifications Table:
- Enabled
- The checkbox indicates whether the notification is enabled. When a notification is enabled, the defined action takes place when the trigger occurs and the conditions are met.
- Type
- The notification type defines the source of the event triggering the notification: End-System Group, End-System, User Group, Health Result, or Registration.
- Trigger
- The trigger determines when a notification action occurs, based on filtering for a specific event.
- Action
- The actions that take place when a notification is triggered.
- NOTE: Actions cannot be defined for default notification rules starting with the name "Connect ES".
- Override Content
- Specifies whether Override Content is enabled or disabled for the notification.
- Notes
- A short description of the notification rule. This description is created when a new notification is added.
Enable Default Notifications
ExtremeControl includes four default notifications you can enable and edit. To enable a default notification, perform the following steps:
- Select the notification in the table and select the Edit button to open the Edit Notification window.
- Use the Edit Email Lists button and change the default address to an address specific to your network. Default notifications are configured to send an email to this address.
- Configure the SMTP E-Mail Server option in the SMTP Email Options to identify the SMTP email server used for outgoing messages generated by the Notification feature.
- Select the Enable Notification check box and then select OK in the Edit Notification Action window.
The default notification is now enabled in the Manage Notifications window.
The following examples show how notifications can be used to alert you of changes or events in your network:
- Send an email to the Helpdesk when an end-system changes location, for example if it moves from a wired connection in a building to a wireless connection outside.
- Send a trap if an end-system fails registration.
- Send a syslog message if an end-system reports a high risk assessment result.
- Send an email if an end-system that is reported as a stolen laptop authenticates on the network.
- Send an email if someone logs into the network after normal work hours.
- Send an email when an end-system is added or removed from an end-system group, such as the blocked list end-system group or other defined end-system group.
- Send an email when a user is added or removed from a user group, such as an Administrator or Help Desk user group.
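A SIEM-side consumer for the syslog fields listed under Create Default SIEM Notifications, applying the stolen-laptop case from the examples above; this is an added example, not ExtremeCloud IQ Site Engine code. The key="value" layout, the key names, the watchlist and the sample message are assumptions, so adapt the parser to the messages your SIEM server actually receives.

```python
import re

# Field names mirror the list on this page; the key="value" wire layout,
# the key spellings and every sample value are assumptions for illustration.
FIELDS = ("ip", "mac", "username", "switch_ip", "switch_port", "hostname",
          "os", "state", "extended_state", "reason", "nac_appliance")
PAIR = re.compile(r'(\w+)="([^"]*)"')
STOLEN_MACS = {"00:11:22:aa:bb:cc"}  # constructed watchlist

def norm_mac(value):
    """Canonicalise a MAC so matching ignores case and separator style."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {value!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse(line):
    """Return (record, problems) for one syslog message."""
    record, problems = {}, []
    for key, value in PAIR.findall(line):
        if key not in FIELDS:
            continue
        if key in record:
            # Hostname and username can be supplied by the end system, so a
            # repeated key may be injected; keep the first value and flag it.
            problems.append(f"duplicate:{key}")
            continue
        record[key] = value
    problems += [f"missing:{f}" for f in FIELDS if f not in record]
    return record, problems

def triage(line):
    """Return alert strings: parse problems plus stolen-device matches."""
    record, alerts = parse(line)
    try:
        mac = norm_mac(record.get("mac", ""))
    except ValueError:
        return alerts + ["bad-mac"]
    if mac in STOLEN_MACS:
        alerts.append(f"stolen-device:{mac} at {record.get('switch_ip')} "
                      f"port {record.get('switch_port')}")
    return alerts

# Constructed sample message, not captured from a real appliance.
SAMPLE = ('<134>nac: ip="10.0.0.5" mac="00-11-22-AA-BB-CC" username="jdoe" '
          'switch_ip="10.0.1.1" switch_port="ge.1.4" hostname="lt-042" '
          'os="Windows" state="ACCEPT" extended_state="" reason="Rule 3" '
          'nac_appliance="10.0.2.2"')
```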