Configure Notification Rules

Configure Seeker to take automatic actions upon vulnerability detection: create a ticket in a bug tracking system or send notifications to the relevant recipients.

To enable this, you need to configure custom notification rules for certain predefined detection events.

  1. In the main menu, click (Settings)> Notification Rules. A list of currently defined rules is displayed.
  2. To add a new rule, click +Add notification rule. To edit an existing rule, click its name or the Edit button in the list.
  3. Toggle the Enabled switch on, and enter the following rule properties:
    PropertyDescription
    Projects From the dropdown list, select one or more projects to which the rule applies, or select All.
    Key A unique key of the rule to use in API calls. Must be between 3 and 32 characters long, and contain only lowercase and uppercase letters, digits and underscores.
    Name A friendly name of the rule that appears in the list.
    Event Select one of the predefined detection events to which the rule applies, for example, A vulnerability is first seen.
    Event options Choose the vulnerabilities to which the rule applies, filtering them by tags, severity, checkers, code locations, namespaces, endpoints, and code paths. If no filter is set, everything is included.

    If the event is A vulnerability is first seen, you can access the existing vulnerabilities, matching the selected filters, by clicking the Click here link below the filters.
  4. Select a Triggered action to take upon the event, and set the properties accordingly.

    If the selected event is A vulnerability is first seen:

    PropertyDescription
    Apply tags Enter one or more custom tags that you want to apply to vulnerabilities upon this event.
    Create a ticket For each project, a ticket will be created in a bug tracking system configured for this project. For instructions, see Configure Bug Tracking Integration.
    Mark as archived/ignored/fixed Choose a status to assign to vulnerabilities automatically upon detection.
    Send an email Enter a comma-separated list of email recipients. To enable sending emails, you need a configured SMTP account. For instructions, see Configure SMTP Account.
    Send a Slack message Enter an incoming Webhook URL. For instructions, see Slack - Incoming Webhooks.
    Send a Webhook request Enter a Webhook URL, and optionally, a JSON Payload indicating the vulnerability parameters to pass in the request. Click to see the actual format.

    If the selected event is A vulnerability has not been seen for a certain time, enter the number of Days since last seen and select how to change the vulnerability status:

    • Mark as archived
    • Mark as ignored
    • Mark as fixed (default)

    If the selected the event is A vulnerability has been archived for a certain time, enter the number of days, and choose Delete as a triggered action. This will cause automatic bulk deletion of vulnerabilities that fit this condition.

  5. Click Save.
  6. In the list of rules, you can toggle the Enabled switch for or Delete any rule.