Threats notifications

Email notifications

Insights E can send threat notifications and reports by e-mail to the address set in the user's account.

Mail Server Settings

  1. Go to the System > Settings > Preferences > System page and set the mail server first. All fields must be filled in when setting the server, and you can use the Settings test to check whether it is operating normally.
Item | Content
Connection security method | Supports SMTP (25), SMTPS (465), MSA/STARTTLS (587).
Server Port | Enter the same port as the connection security method.

User Account Settings

  1. In System > Settings > Users, go to the Users account and click the account to which the report will be sent.
  2. In the user edit screen, select the information to be provided in the e-mail notification, enter the e-mail address to which the report will be sent in the additional information and click the edit button.
Item | Description
Threat Notification | Sends threat information generated within 1 hour by e-mail. (available every hour)
Disk Usage Notification | When the Insights device's disk utilization exceeds the default value (70%), information about the excess utilization is sent to the user's e-mail.
Daily Threat Report | Aggregates the threat information generated over 24 hours and sends the report by e-mail. (Once a day, 01:00)

Threat notifications can be received on a per-user basis.

Endpoints notifications

Note

In Policy > Group Policy Management > Agent, the notification message display must be set to ‘Enable’.

An Endpoints notification is the pop-up notification shown on the terminal where the agent is installed when a threat is detected.

Users Notification Settings

  1. In System > Settings > Users, check Agent Notifications > Threat alert.
  2. Enter the 'Device ID' of the user's PC on which the notification window should be displayed.

The Device ID can be checked in the Basic Information tab of Analysis > Management terminal.

Endpoints Notification Settings

You can configure Endpoints notification settings for each policy in Policy > Group Policy Management > Response. Notifications for XBA detections must be configured on the individual XBA rules.

Item | Settings | Description
Response to Known malware-Agent Notification Messages | Disable/Low/Medium/High | YARA, Select whether to notify the user through the agent pop-up when a dangerous process registered in the IOC DB is detected.
Response to Unknown malware response-Agent Notification Messages | Disabled/ML.Medium/ML.High | When detected by machine learning, sets the minimum risk to be displayed to the user through the agent pop-up.
Response to Malicious IP-Agent Notification Messages | Disable/Enable | When a connection is detected with a malicious IP registered in the IOC DB, select whether to notify the user through the agent pop-up.

Once the policy is configured, it can be set through ‘Policy Settings’ on the Analysis > Endpoints group settings page or through ‘Policy Name’ on the individual Endpoints detail screen.