Alerts

You can configure Tenable.sc to perform actions, such as sending email alerts to various users, for selected vulnerability or alert occurrences, regardless of whether the events correlate to a local vulnerability. Other alert actions include UI notifications, ticket creation/assignment, remediation scans, launching a report, email notification, and syslog alerting. Many actions can be assigned per ticket.

From the main Alerts page, click the menu to add an alert. Here you can Edit, Evaluate, View (view the details of), and Delete alerts. The Evaluate option tests whether an alert has met the configured time criteria. Clicking an alert opens the Edit Alert page for the selected alert.

Alert Options

Option Description
General

Name

The name of the alert.

Description

A description for the alert.

Schedule

Determines how often the alert checks whether its conditions are matched. Frequencies range from every 15 minutes to monthly. Selecting Never creates an alert that is launched only on demand.

Behavior

If set to alert on the first occurrence, the alert triggers only when the condition initially changes from false to true. The other option is to trigger on each detection of the true condition.

Condition

Type

Vulnerability, Event, or Ticket.

Trigger

  • IP Count – Trigger on vulnerabilities or events whose IP address count matches the given parameters.
  • Unique Vulnerability/Event Count – Trigger an alert when the vulnerability/event count matches the given parameters. This option is set to Unique Vulnerability Count for vulnerability alerts and Event Count for event alerts.
  • Port Count – Trigger an alert when the events/vulnerabilities using a certain port number match the given parameters.

Query

The dataset to which the trigger condition will be compared.

Filters

Apply advanced filters to the vulnerability or event data. The complete filter set may be created here or, if a Query was selected, its parameters may be edited.

For more information, see Filters.

Actions

Add Actions

The actions you add determine what the alert does with triggered events. The options are Assign Ticket, Email, Generate Syslog, Launch Scan, Launch Report, or Notify Users. Multiple actions may be triggered for each alert.

For more information, see Alert Actions.
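
The Behavior and IP Count trigger options above, modelled as an added Python example (not Tenable.sc code): it shows that a first-occurrence alert fires only on a false-to-true transition and re-arms once the condition clears, while the other setting fires on every scheduled check where the condition holds. The Alert class, the comparison operators, and the sample query rows are assumptions constructed for illustration.

```python
import operator
from dataclasses import dataclass

# Comparison operators for the trigger threshold (an assumption of this model).
OPS = {">=": operator.ge, ">": operator.gt, "=": operator.eq,
       "<": operator.lt, "<=": operator.le}

@dataclass
class Alert:
    name: str
    op: str                 # comparison applied to the IP count
    threshold: int
    first_only: bool        # True: first occurrence; False: each detection
    was_true: bool = False  # condition state at the previous scheduled check

    def evaluate(self, query_rows):
        """One scheduled check; query_rows are (ip, port) pairs from the query."""
        ip_count = len({ip for ip, _ in query_rows})  # IP Count trigger
        is_true = OPS[self.op](ip_count, self.threshold)
        if self.first_only:
            fire = is_true and not self.was_true  # false -> true transition only
        else:
            fire = is_true                        # every check where it holds
        self.was_true = is_true
        return fire

def run_schedule(alert, snapshots):
    """Evaluate once per snapshot; return the indexes of checks that fired."""
    return [i for i, rows in enumerate(snapshots) if alert.evaluate(rows)]

# Constructed query results for five consecutive scheduled checks.
# Distinct IP counts per check: 1, 2, 2, 1, 2.
SNAPSHOTS = [
    [("10.0.0.5", 445)],
    [("10.0.0.5", 445), ("10.0.0.9", 445), ("10.0.0.9", 3389)],
    [("10.0.0.5", 445), ("10.0.0.9", 445)],
    [("10.0.0.5", 445)],
    [("10.0.0.5", 445), ("10.0.0.7", 445)],
]

if __name__ == "__main__":
    for first_only in (True, False):
        alert = Alert("exposed-hosts", ">=", 2, first_only)
        label = "first occurrence" if first_only else "each detection"
        print(label, run_schedule(alert, SNAPSHOTS))
```

With first occurrence selected, a condition that stays true across checks produces one action, so an alert that assigns tickets or launches scans does not repeat them until the condition has cleared and recurred.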