Alert Actions
Tenable Security Center automatically performs alert actions when an alert triggers. You can configure the following types of alert actions:
Tip: Use email alerts to interface with third-party ticketing systems by adding variables in the message option.
For more information, see Alerts.
When the alert triggers, Tenable Security Center creates a ticket and assigns the ticket to a user. For more information, see Tickets.
Option | Description | Default |
---|---|---|
Name | (Required) The name of the ticket. | Ticket opened by alert |
Description | A description for the ticket. | -- |
Assignee | (Required) The user who receives the ticket. | -- |
When the alert triggers, Tenable Security Center sends an email.
Option | Description | Default |
---|---|---|
Subject | The alert email subject line. | Email Alert |
Message | The body of the email message. You can include the following variables to customize the email: The following sample email alert contains some of these keywords embedded into an HTML email: `Alert <strong>%alertName%</strong> (id #%alertID%) has triggered. <strong>Alert Definition:</strong> %triggerName% %triggerOperator% %triggerValue% <strong>Calculated Value:</strong> %calculatedValue% Please visit your Tenable Security Center (<a href="%url%">%url%</a>) for more information. This e-mail was automatically generated by Tenable Security Center as a result of alert <strong>%alertName%</strong> owned by <strong>%owner%</strong>. If you do not wish to receive this email, contact the alert owner.` | (see description) |
Include Results | When enabled, Tenable Security Center includes the query results that triggered the alert (maximum of 500). | Disabled |
Recipients | | |
Users | The users who receive the alert email. Tip: If you delete a user who receives alert emails, the action option for the alert turns red and Tenable Security Center displays a notification to the new alert owner with the new alert status. To resolve this, update the list of users in the alert email. | -- |
Email Addresses | Specifies additional email addresses to include in the alert email. For multiple recipients, add one email address per line or use a comma-separated list. | -- |
When the alert triggers, Tenable Security Center sends a custom message to a syslog server.
Option | Description | Default |
---|---|---|
Host | (Required) The host that receives the syslog alert. | -- |
Port | The UDP port used by the remote syslog server. | 514 |
Severity | The severity level of the syslog messages (Critical, Notice, or Warning). | Critical |
Message | (Required) The message Tenable Security Center sends with the syslog alert. | -- |
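As an added example (not Tenable's code), a receiver-side check for the syslog alert action above: it decodes the severity from a received datagram and confirms that a marker string placed in the Message option is present. It assumes the datagram begins with a standard syslog `<PRI>` prefix, which this page does not specify; `parse_alert`, `check_alert`, `listen_once`, the `SC-ALERT` marker and port 5514 are hypothetical names and values chosen for the example.

```python
import re
import socket

# Standard syslog severity codes (RFC 5424, section 6.2.1) for the three
# levels the Severity option offers.
SEVERITY_NAMES = {2: "Critical", 4: "Warning", 5: "Notice"}
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_alert(datagram: bytes) -> dict:
    """Split a syslog datagram into facility, severity and message text."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        # No valid PRI prefix (assumed format not met): keep the payload, flag it.
        return {"facility": None, "severity": "unparsed",
                "message": datagram.decode("utf-8", "replace").strip()}
    facility, code = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    body = datagram[m.end():].decode("utf-8", "replace").strip()
    return {"facility": facility,
            "severity": SEVERITY_NAMES.get(code, f"other({code})"),
            "message": body}


def check_alert(datagram: bytes, expected_severity: str, marker: str) -> list:
    """Return a list of problems; an empty list means it arrived as configured."""
    rec = parse_alert(datagram)
    problems = []
    if rec["severity"] != expected_severity:
        problems.append(f"severity is {rec['severity']}, expected {expected_severity}")
    if marker not in rec["message"]:
        problems.append(f"marker {marker!r} missing from message")
    return problems


def listen_once(port: int = 5514, timeout: float = 30.0) -> bytes:
    """Receive one UDP datagram on a test port (514 needs elevated privileges)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        data, _addr = sock.recvfrom(8192)
        return data


if __name__ == "__main__":
    # Constructed sample datagram (facility 1, severity 2 gives PRI 10), not captured output.
    sample = b"<10>SC-ALERT id=42 vulnerability count threshold exceeded"
    print(parse_alert(sample))
    print(check_alert(sample, "Critical", "SC-ALERT"))
```

Because delivery is over UDP, the sender gets no indication when a datagram is lost, so run the check against a deliberate test trigger of the alert rather than assuming delivery.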
When the alert triggers, Tenable Security Center launches an active scan from an existing active scan template. The active scan Schedule must be On Demand. For more information, see Active Scans and Active Scan Settings.
Note: At this time, the Launch Scan alert action does not support web app scans, agent scans, or agent sync.
Option | Description | Default |
---|---|---|
Scan | (Required) The scan template Tenable Security Center uses for the alert scan. Note: Tenable Security Center scans the host that triggered the scan, not the host within the scan template. Tenable Security Center uses the top 100 IP results from the alert query for the scan targets. | -- |
When the alert triggers, Tenable Security Center generates a report from an existing report template. For more information, see Reports.
Option | Description | Default |
---|---|---|
Report Template | (Required) The report template Tenable Security Center uses to generate a report based on the triggered alert data. | -- |
When the alert triggers, Tenable Security Center displays a notification to the specified users.
Option | Description | Default |
---|---|---|
Message | (Required) The notification message Tenable Security Center sends when the alert triggers. | -- |
Users | (Required) The users who receive the notification message. | -- |