Configure email notifications

The Communication page allows you to enter the email addresses of administrators or users who you want to receive notifications about:

  • Alerts
  • Security Connector upgrades
  • ETP Client upgrades
  • System issues

Alerts

Alerts are notifications that are sent to specific administrators or users with event information. Alerts are sent based on the Send Alert setting in a policy. For example, if the Send Alert setting is enabled for known threats in the Malware threat category, an alert is sent whenever a known Malware threat is detected and an event is logged in ETP.

When a new alert is triggered, users receive notifications in near real time. If additional alerts are detected within five minutes of a notification being sent, the user is notified about these alerts after the five-minute period ends.

Users may receive alerts for inline or lookback events. Inline events are events that are detected at the time of access, while lookback events are discovered by threat intelligence after access.

Data in alert notifications are organized by domain. If multiple locations or sub-locations are associated with alerts, alerts are also organized by location or sub-location. Email notifications contain important information about the alert such as the associated policy and list, the reason a threat was identified, as well as the action taken on the alert.

If your organization is enabled to do so, an ETP super administrator can associate specific locations or sub-locations to an alert notification email address. This means that alert notifications can contain information based on the locations or sub-locations that the recipient is allowed to receive information about.

These conditions also apply:

  • If a location or sub-location is assigned to a policy that's enabled with ETP Proxy, the email notification contains additional information that is specific to HTTP traffic such as URI and the total number of HTTP threat events.

  • A maximum of 200 domains are listed in the email. To view additional information, users need to log in to Enterprise Threat Protector. If the email is in HTML format, links to related ETP pages are also provided. For information on the data that is in an alert notification email, see Data in alert notifications and scheduled reports.

  • By default, all notifications are sent in HTML format. However, an administrator can choose to send alert notifications in HTML or text format. The format you select applies to all users configured to receive alert notifications.

You can also add email addresses for alert notifications on the Policies page. An area is provided where you can enter an email address or paste email addresses of alert notification recipients. By default, email addresses added on the Policies page are configured to receive alert notifications with data for all locations or sub-locations. To select the specific locations or sub-locations that a user receives notifications about, see Assign locations or sub-locations for alert notifications.

**Note**: If your organization uses a ticket tracking system, such as ServiceNow, you can provide a ticketing system email to automatically create a ticket for each alert.

Security Connector and ETP Client upgrades

Administrators can enable users to receive notifications about Security Connector and ETP Client upgrades. These notifications are sent in HTML format.

For Security Connector upgrade notifications, you can also enter email addresses on the Security Connector page.

System Issues

When enabled for notifications about system issues, administrators receive emails about:

  • Configuration issues in ETP. ETP sends a notification when a domain for a location resolves to an invalid IP address. The email includes the location name, the domain, and the IP address.

    This email notification only applies if your organization uses dynamic DNS for a location configuration. For more information, see About locations.

  • Expiring certificate for ETP Proxy. ETP sends a notification when the TLS MITM certificate that was generated or uploaded to ETP is scheduled to expire in 30 days or less. Administrators set to receive System Issues communication emails are sent an email notification until a new certificate is uploaded or generated. For more information, see ETP Proxy MITM certificate.
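
An independent check of the same 30-day window, added here as an example (it is not Akamai's code or part of ETP). It assumes you keep a local PEM copy of the certificate you generated or uploaded and that the `openssl` CLI is installed; `mitm_cert_status` and `make_sample_cert` are hypothetical helper names, and the sample certificates are constructed throwaways.

```bash
#!/usr/bin/env bash
# Added example: independent expiry check for a TLS MITM CA certificate.
# Usage: mitm_cert_status <cert.pem> [warn_days]
# warn_days defaults to 30, the window in which ETP starts sending
# System Issues emails about the certificate.
# Prints and returns: ok (0), expiring (1), expired (2), unreadable (3).
mitm_cert_status() {
  local cert="$1" warn_days="${2:-30}"
  # Refuse anything openssl cannot parse as an X.509 certificate.
  if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
    echo "unreadable"; return 3
  fi
  # -checkend N exits non-zero when notAfter falls within the next N seconds.
  if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
    echo "expired"; return 2
  fi
  if ! openssl x509 -noout -checkend "$((warn_days * 86400))" \
       -in "$cert" >/dev/null 2>&1; then
    echo "expiring"; return 1
  fi
  echo "ok"; return 0
}

# Constructed sample input: a throwaway self-signed certificate that is
# valid for the given number of days (demo helper only).
make_sample_cert() {
  local out="$1" days="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
    -subj "/CN=constructed-sample-mitm-ca" \
    -keyout "$out.key" -out "$out" >/dev/null 2>&1
}

demo() {
  local dir f
  dir="$(mktemp -d)"
  make_sample_cert "$dir/short.pem" 10    # inside the 30-day window
  make_sample_cert "$dir/long.pem" 365    # outside the 30-day window
  for f in short long; do
    printf '%s.pem: %s (%s)\n' "$f" \
      "$(mitm_cert_status "$dir/$f.pem")" \
      "$(openssl x509 -noout -enddate -in "$dir/$f.pem")"
  done
  rm -rf "$dir"
}
demo
```

Scheduled against the certificate copy, a non-zero exit status gives a second signal that does not depend on the notification email reaching a monitored mailbox.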

Add email addresses for notifications

You can add the email addresses of users or administrators who you want to receive these notification emails:

  • Alerts about suspected or confirmed security threats.

  • Availability of a software upgrade for ETP Client or the security connector.

  • If your organization uses dynamic DNS in a location configuration, an email notification lists the locations with domains that are returning invalid IP addresses.

  • Notifies users when the TLS MITM certificate for ETP Proxy is expected to expire in 30 days or less.

After adding an email address, you need to assign the type of notification emails that you want the user to receive. For more information, see Assign email notifications. You need to be an ETP super administrator to perform this task.

To add email addresses for notifications:

  1. In the Threat Protection menu of Enterprise Center, select General Settings > Communication.

  2. Click the plus sign icon.

  3. In the Communication Emails window, enter an email address and press Enter. You can also paste multiple email addresses into the field.

  4. Click OK.

Next steps

Select the type of email notifications that you want users to receive. For more information, see Assign email notifications.

Assign email notifications

Before you begin

You need to be an ETP super administrator to perform this task.

Add email addresses for notifications.

After adding email addresses, you can assign the type of notifications that you want users or administrators to receive. These email notification types are available:

  • Alerts. Notifications about suspected or confirmed security threats. You can choose whether end users receive the email in HTML or text format. The format you select is applied to all users configured to receive alert notifications.

  • ETP Client Upgrade. Notification that indicates a new version of ETP Client is available to download.

  • Security Connector Upgrade. Notification that indicates a new version of Security Connector is available to download.

  • System Issues. Notification about configuration issues in ETP. If your organization uses dynamic DNS in a location configuration, the email notification lists the locations with domains that are returning invalid IP addresses. A notification is also sent to administrators when the man-in-the-middle TLS certificate is about to expire.

To assign email notifications:

  1. In the Threat Protection menu of Enterprise Center, select General Settings > Communication.

  2. Go to an email address, and assign any of these notification types:

    • Alerts
    • ETP Client Upgrade
    • Security Connector Upgrade
    • System Issues

  3. If you assign an email address to an Alert notification, you can select the format of the email. In the menu, select HTML Email or Text Email.

  4. Click Update.

Assign alert notification recipients

Before you begin

Add email addresses for notifications.

After adding email addresses for notifications, an ETP super administrator can select alert notification recipients.

When a new alert is detected, those who are configured to receive alert notifications are sent notifications in near real time. If more alerts occur within a five-minute period, the user is notified about these alerts after the five minutes. Data in email notifications are organized by domain. If an alert is detected in multiple locations, alert information is also organized by location. The email also contains other important alert information, such as the associated policy, list, and the action taken on the alert.

To assign alert notification recipients:

  1. In the Threat Protection menu of Enterprise Center, select General Settings > Communication.

  2. Click the plus sign icon.

  3. In the Communication Emails window, enter an email address and press Enter on your keyboard. You can also paste multiple email addresses into the field.

  4. Click OK.

  5. Find the email address or email addresses that you provided and select the corresponding box in the Alert column.

  6. If you can assign specific locations to an alert notification, click the chain icon and deselect the locations that you want to exclude from alert notifications. If necessary, you can find locations by entering the location name in the provided search field.

  7. Click Update.

Assign locations or sub-locations for alert notifications

Before you begin

Make sure you added and assigned email addresses for alert notifications. See Add email addresses for alert notifications or Add email addresses for notifications.

By default, an alert notification recipient is configured to receive notifications related to all locations or sub-locations. If your organization is enabled for this feature, an ETP super administrator can assign specific locations or sub-locations to the email address. This action allows alert recipients to see alert data for assigned locations or sub-locations. For example, if a delegated administrator is also an alert notification recipient, a super administrator can associate the delegated administrator's email address to the locations or sub-locations that they are allowed to manage.

**Note**: You need to contact your Akamai representative to enable this feature in ETP.

To assign locations or sub-locations for alert notifications:

  1. In the Threat Protection menu of Enterprise Center, select General Settings > Communication.

  2. Locate the email address of the alert notification recipient.

  3. If All Locations are assigned and you want to assign only specific locations or sub-locations:

    1. Click the chain icon.

    2. Deselect any locations or sub-locations that you do not want the recipient to receive notifications about.

    3. Click Associate.

  4. If specific locations or sub-locations are already selected and you want to make changes:

    1. Click the chain icon.

    2. Select or deselect locations or sub-locations.

    3. Click Associate.

  5. Click Update.

Select format of alert notifications

By default, alert notifications are sent in HTML format. However, you can choose to send alert notifications in HTML or text format. The format you select applies to all users configured to receive alert notifications.

You need to be an ETP super administrator to perform this task.

To select format of alert notifications:

  1. In the Threat Protection menu of Enterprise Center, select General Settings > Communication.

  2. In the menu located on the Alerts column, select the desired format of the email. You can select HTML Email or Text Email.

  3. Click Update.

Add email addresses for Security Connector upgrade notifications

You can provide the email addresses of administrators or other users within your organization that you want notified when an upgrade to Enterprise Security Connector is available in ETP. You can enter email addresses on the Security Connector page or the Communication page.

You need to be an ETP super administrator to perform this task.

To add email addresses for Security Connector upgrade notifications:

  1. In the Threat Protection menu of Enterprise Center, select one of these options:

    • Clients & Connectors > Security Connectors.

    • General Settings > Communication.

  2. If you're on the Security Connector tab:

    1. Click the email icon.

    2. In the field for notification emails, enter an email address and press Enter. You can also paste multiple email addresses separated by commas.

    3. Click Save.

  3. If you're on the Communication tab:

    1. Add email addresses for Security Connector upgrade notifications:

      1. Click the plus sign.

      2. In the Communication Emails window, enter an email address and press Enter. You can also paste multiple email addresses into the field.

      3. Click OK.

    2. Go to an email address and select the Security Connector Upgrade notification type. Click Update.

Remove a notification email assignment

From the Communication tab, you can unassign any of these notification types that are associated with an email address:

  • Alerts
  • ETP Client Upgrades
  • Security Connector Upgrades
  • System Issues

You need to be an ETP super administrator to perform this task.

To remove a notification email assignment:

  1. In the Threat Protection menu of Enterprise Center, select General Settings > Communication.

  2. Locate the email address of the user you no longer want receiving an email notification.

  3. Deselect the checkbox associated with any of these notification types:

    • Alerts
    • ETP Client Upgrade
    • Security Connector Upgrade
    • System Issues

  4. Click Update.

Remove a notification email address

You can remove email addresses that were added for email notifications.

You need to be an ETP super administrator to perform this task.

To remove a notification email address:

  1. In the Threat Protection menu of Enterprise Center, select General Settings > Communication.

  2. Locate and hover over the email address that you want to delete.

  3. Click the delete icon that is associated with the email address. A dialog appears.

  4. Click Yes to confirm the deletion.

Remove an alert notification email address

If you're an ETP super administrator, you can remove the email addresses that were previously provided to receive alert notification emails.

To remove an alert notification email address:

  1. In the Threat Protection menu of Enterprise Center, do one of these steps:

    • Select General Settings > Communication.

    • Select Policies > Policies.

  2. Select the email address that you want to remove, and click the delete icon.

  3. If you removed an email address in the Communication tab, in the dialog that appears, click Yes to confirm the deletion.

Remove an email address for Security Connector upgrade notifications

If you're an ETP super administrator, you can remove the email addresses that were previously provided to receive Security Connector upgrade notifications.

To remove an email address for Security Connector upgrade notifications:

  1. In the Threat Protection menu of Enterprise Center, do one of these steps:

    • Select Clients & Connectors > Security Connectors.

    • Select General Settings > Communication.

  2. Select the email address that you want to remove, and click the delete icon.

  3. Do one of these:

    • If you removed an email address in the Security Connector tab, click Save.

    • If you removed an email address in the Communication tab, in the dialog that appears, click Yes to confirm the deletion.

Data in alert notifications and scheduled reports

This table describes the data included in an alert notification email or scheduled report:

**Note**: If you select Text format for the report, columns and values in the report are shown in a pipe-delimited format.

**Note**: If you schedule a report for DNS or proxy summary data, an administrator is emailed a PDF that contains bar graphs with the top activity for a specific dimension, such as location, geographical region, domain, and more. This is the same data that an administrator can view in the DNS Summary and Proxy Summary activity reports.

| Data | Description |
|---|---|
| Details | Includes this information about the event or alert:<br>• The requested domain. Domains appear as links to the Indicator Search page where additional information about the event is provided.<br>• Whether the event was detected while the end user was on or off the corporate network.<br>• Action taken to mitigate the threat as a result of the associated policy configuration.<br>• The confidence level that <> has in classifying the domain as a threat. The report indicates whether the domain is a confirmed or suspected threat.<br>**Note**: If the report is in text format, domain, detection, action taken, and confidence data appear as separate pipe-delimited values. |
| Location | The location or sub-location of the user who made the request. The provided location is also a link to the Locations page in ETP. |
| Policy | The policy that is associated with the location. The provided policy name is also a link to the Policies page in ETP. |
| List | The list where this domain is a confirmed or suspected threat. The provided list name is also a link to the Custom Lists page. |
| Affected Internal IP | The private or internal IP address of a machine in your network that communicates with the security connector and is known to be compromised. This value appears in a scheduled report when an Affected Internal IP is detected in a DNS security connector event. This data does not appear in alert notifications. |
| Count or DNS Count | The total number of alerts or events that are associated with the domain. The count for a domain is also a link to the Threat Events report. |
| URI(s) | Uniform Resource Identifier. A string of characters that identifies a resource, for example, a URL. As a result of grouping data by domain and locations, more than one URI may be listed in alert notifications and scheduled report results. |
| Reason(s) | Indicates how a threat event was identified. Any of these reasons may appear:<br>• <> Intelligence: Indicates threat event was identified by <> or a threat category.<br>• Customer Intelligence: Indicates threat event was found based on an administrator's custom list configuration.<br>• Document Static Analysis: Indicates threat event was found based on inline payload analysis of a document.<br>• Executable Static Analysis: Indicates threat event was found based on inline payload analysis of a document.<br>• AV scan: Indicates threat event was found by an antivirus scan.<br>As a result of grouping data by domain and locations, more than one reason may be provided in alert notifications and scheduled report results. |
| HTTP Count | The total number of alerts or events that are associated with HTTP traffic. |

