The power of setting policies lies in the ability to create notifications that are triggered when an application’s policy status changes. These can be system notifications, email notifications, or both. There are two toggles for system notifications. The first, in the policy row, will turn on notifications for all applications to which this policy applies.
Recall that a user’s ability to see policy notifications is dependent on the notification settings governing the viewing of policy change notifications, located in the user’s details page.
With notifications turned on globally (and enabled in the user’s notification settings,) any changes in a policy’s status will appear in the Notifications dropdown. As usual, ThreadFix will filter these based on the user’s role.
Add email addresses to global policy
ThreadFix can also notify selected users (or lists of users) of a change in a policy’s status by email. This requires that you have email configured properly for your environment.
To configure ThreadFix to email policy status changes, click the Add Emails button.
This will display a modal dialog. In the top text field, type the email address of the user you would like to be notified if this policy changes, then click the Add button. Repeat this process for as many users as necessary. If you have any email lists created already, they will appear in the lower dropdown menu. Select the name of a list and click Add.
After the addresses and lists have been added, they appear below each field. Click Close when you are finished.
Add notifications and email addresses per application
You can also apply a finer-grained control to policies by toggling notifications and email alerts per-application in your policy settings. First, click off the global Notifications toggle for the application. Then, open the policy application details by clicking the toggle arrow at the left of the policy name.
In this example, you have turned on notifications for the bodgeit application, under DG Test Team. All users with permissions for this team (and to view policy notifications) will see notifications when the policy status changes. ThreadFix checks for status changes when vulnerability data changes. Since notifications are off for the Contoso application, ThreadFix will not display policy change notifications.
You can add separate email addresses and email lists to each application as well. The process is the same as it was for the addition of global emails and lists. Click the Add Emails button next to the application.
A modal dialog is again displayed. Add your email addresses and lists, clicking the Add button each time. When you are finished, click Close.
| Table of Contents |
|---|