ThreatConnect® allows users to receive push-notification and email updates on changes to Indicators, Groups, Tags, Tracks, Victims, and other items that they want to track. Notifications are viewed in the Notifications Center and may be configured to users’ preferences, including by type of item, priority level, and type of notification desired (push vs. immediate email vs. daily-digest email). Users elect to receive notifications on an item by using the Follow Item area on its Details screen. Users can also choose to follow their own Organization, allowing them to receive updates and alerts on work done to their own data. Notifications can also be set up using the Add ThreatConnect Notification Playbook app. See Playbooks for more information on Playbook apps and how to build Playbooks.
- Notifications are viewed and configured in the Notifications Center. To access the Notifications Center, click the Notifications icon on the top navigation bar (Figure 1).
- The Notifications Center will appear (Figure 2).
- If there are unread push notifications, the Notifications icon will have a bubble on its top right that displays the number of push notifications that are unread. For example. indicates that there are four unread push notifications. If there are no unread push notifications, but there are other unread notifications, then the Notifications icon will have a bubble with a dot in the center on its top right (). If there is no bubble, then there are no unread messages in the Notifications Center (although messages that have previously been read may still exist in the Notifications Center). When there are unread push notifications and the cursor is hovered over the Notifications icon, a summary of the unread push notifications will appear (Figure 3). See the “Notifications Settings” section for more information on push notifications.
- Click the Mark All as Read text to mark the notifications as read. Click the See All text or the Notifications icon to view all the notifications in the Notifications Center (Figure 4).
- The table in the Notifications Center (Figure 2 and Figure 4) displays a Summary, Priority (LOW, MEDIUM, or HIGH), and Date for each notification. Use the arrows in the column headers for Priority and Date to reorder the entries in the table as desired.
- Unread notifications appear with a vertical orange line to the left of their entry in the table. To mark a notification as read, click on the vertical ellipsis icon in the rightmost column for the entry and select Mark Read from the menu that appears (Figure 5). The orange line for that entry will disappear. To mark all notifications as read, click the Mark All as Read text in the top right-hand corner.
- To delete a notification, select Delete from the vertical ellipsis menu.
NOTE: For notifications that are not marked unread, only the Delete option will appear in the vertical ellipsis menu.
- The Delete Notification? window will appear (Figure 6). Click the CONFIRM button to delete the notification.
- The table in the Notifications Center can be filtered to show only notifications of a certain type or priority level or only notifications that have been read or unread. To filter notifications, click the FILTERS dropdown menu at the top left of the Notifications Center (Figure 7).
- To filter by Type (i.e., the object or other kind of information being monitored for changes), click the Type dropdown menu and select an option:
- All: Show notifications for all item types.
- Contribute: Show only notifications for Groups getting contributed to a Community or Source. (See Contributing to a Community or Source for more information.)
- Group: Show only notifications for changes made to a Group.
- Indicator: Show only notifications for changes made to an Indicator.
- Post: Show only notifications for new posts. (See Posts for more information.)
- Tag: Show only notifications for changes made to Tags.
- Track: Show only notifications for changes made to Tracks.
- Victim: Show only notifications for changes made to Victims.
- To filter by Priority, click the Priority dropdown menu and select an option: All, High, Medium, or Low.
- To filter by Read/Unread, click the Read/Unread dropdown menu and select an option: All, Unread Only, or Read Only.
NOTE: Multiple filters can be used simultaneously. For example, the filters can be set to show unread high-priority notifications for Indicators.
NOTE: The number in the red bubble on the Notifications icon will increase in real time as new notifications occur.
- Click the Settings icon at the top right corner of the Notifications Center, and the Notifications Settings screen will appear (Figure 8).
- Click on the Type dropdown menu to select the type of notification to configure. Use the first option, Default, to configure the default settings for all types of notifications. Select any of the other options, which are the same options as in the Type menu under the Filter dropdown menu in the Notifications Center (see Step 10 of the “Viewing Notifications” section), to configure the settings for notifications for that type of item.
- Use the checkboxes in the table to indicate the type(s) of notifications that should be sent for each priority level for the selected item type:
- Push Immediate: Send a push notification to the Notifications Center.
- Email Immediate: Send an email immediately when a change occurs.
- Email Summary: Include information about the change in a daily-digest summary email. The time of the daily digest is configured on the My Profile screen, as detailed in the “Setting the Email Summary Daily-Digest Delivery Time” section.
NOTE: To follow a particular type without receiving any of the delivery actions, uncheck all of the options. Notifications for that type will appear in the Notifications Center, but no push or email notifications will be sent.
- Click the SAVE button to save any changes.
Users elect to receive notifications on changes to an item by using the Follow Item area on its Details screen:
- From the top navigation bar (Figure 1), place the cursor over Browse and then over the Indicators, Groups, Tags, Tracks, Victims, or Victim Assets option. Click on one of the objects (Host Indicator in this example) to display a results table (Figure 9).
- Click on an item from the table, and the Details drawer for that entry will appear (Figure 10).
- Click the Details icon at the top right corner of the drawer, and the Overview tab of the Details screen will appear (Figure 11). Alternatively, hover over the object's entry in the table in Figure 9 and click on the Details icon that appears on the right side of its Summary cell to go straight to the Overview tab of the Details screen.
- Click the Follow Item checkbox at the top right. A check will appear in the box, and a Notification Priority dropdown menu will appear to the left of it (Figure 12).
- Select a priority of Low, Medium, or High. The actions taken for each priority level for the type of item are configured in the Notifications Settings screen. See the “Notifications Settings” section for more information.
Setting the Email Summary Daily-Digest Delivery Time
- Configure the email summary daily-digest delivery time by hovering the cursor over the Settings icon on the top navigation bar (Figure 1) and selecting My Profile from the dropdown menu (Figure 13).
- The My Profile screen will appear with the Overview tab selected (Figure 14).
- Click on the Summary E-mail Time dropdown menu, and select the desired time, ensuring that the Time Zone setting in the dropdown menu above it is correct.
- Check the Receive Post Reply Notification Emails checkbox to receive notifications when other users reply to posts the user has made. Check the Follow Organization Posts checkbox to follow posts in the user’s Organization, and then use the dropdown box that appears to set the level of notifications (Figure 15).
NOTE: Notifications for replies to posts are not configurable by notification priority level, and they do not appear in the Notifications Center. New notifications for replies to posts are indicated by a bubble next to the Posts option on the top navigation bar. See Posts for more information.
- Click the SAVE button.
- Click the Follow Settings tab to manage the list of Communities, Sources, Groups, Indicators, Tags, and Tracks that the user is following (Figure 16).
Configuring Follow Settings for Community Posts and Contributions
Organization Administrators can configure Follow settings for Community posts and contributions.
- From the top navigation bar (Figure 1), hover the cursor over the Settings icon and select Org Settings from the dropdown menu (Figure 17).
- The Organization Settings screen will appear (Figure 18).
- Click the Communities/Sources tab, and the Communities/Sources screen will appear (Figure 19).
- Click on a Community to select it. The Community Profile page for that Community will appear (Figure 20).
- In the Notification Options section towards the bottom left, check the Follow Posts checkbox to follow posts in the Community. Click the Follow Contributions checkbox to follow contributions to the Community. Use the Notification Priority dropdown menu that appears once a box is checked to set the level of notifications for that item (Figure 21).
NOTE: The procedure detailed in this section works only for Communities. It does not work for Sources.