Cyware Orchestrate

Types of Notifications

Based on the nature of the alerts in Orchestrate, the notifications are classified as:

  • Pending Actions

  • Responded Actions

  • Informational Notifications

Pending Actions

Pending actions are notifications that demand input for Playbooks from analysts. Analysts will receive email notifications asking for input to proceed with playbook execution. Pending actions are purged after 180 days.

For example, an incident response playbook can be configured to request approval before blocking the identified malicious indicators on the firewall. When the Playbook is triggered manually or automatically, it halts at the input point and notifies the configured users for approval. On providing the necessary input, the playbook execution resumes.

For pending actions, you can:

  • Provide approvals for playbook execution in the form of a Yes/No button click. For boolean inputs, you can take required actions (Yes/No) from the email without signing in to the Orchestrate application. If another user has already responded to the approval request, then the redirection shows the action taken for the approval. The approval URL will expire after 5 days as it contains a temporary JSON Web Token (JWT) for authentication.

  • Provide one or more inputs to the playbook execution, such as text, integer, or date values. To provide input of these types, you are redirected to the Orchestrate playbook run logs to enter it.
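
The following is an added illustration, not Cyware's code or token format, of how a signed, time-limited approval link of the kind described above can be validated before a Yes/No answer is accepted. The key, claim names, and function names are assumptions; only the 5-day lifetime and the "already responded" behaviour come from the text.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"   # constructed; a real service keeps its key server-side
TTL_SECONDS = 5 * 24 * 3600        # the 5-day approval URL lifetime stated above
responses = {}                     # pending action id -> first recorded answer

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(action_id: str, approver: str, now: float) -> str:
    """Issue an HS256 JWT bound to one pending action and one approver."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": approver, "act": action_id, "exp": int(now) + TTL_SECONDS}
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def respond(token: str, answer: str, now: float) -> str:
    """Validate the link token, then record a Yes/No answer once per action."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(expected, unb64url(sig)):
            return "rejected: bad signature"
        # Accept only the algorithm this service issues, never one the token names.
        if json.loads(unb64url(header)).get("alg") != "HS256":
            return "rejected: unexpected algorithm"
        claims = json.loads(unb64url(body))
    except (ValueError, TypeError):
        return "rejected: malformed token"
    if now >= claims["exp"]:
        return "rejected: link expired"
    if answer not in ("Yes", "No"):
        return "rejected: not a boolean answer"
    if claims["act"] in responses:
        # Another approver got there first: show the action already taken.
        return f"already responded: {responses[claims['act']]}"
    responses[claims["act"]] = answer
    return f"recorded: {answer}"
```

Because the token in the URL is the only credential for a one-click response, anyone who obtains a forwarded approval email can answer until the token expires or the action is responded to.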

Note

You will receive notifications only for the Playbooks you are associated with in one of the following ways:

  • You are included in the user group for Enable email notifications to Approver in Playbook input

  • You are included in the user group for Capture input on Cyware Enterprise App in Playbook input

Responded Actions

Once responded to, all pending actions are logged as responded actions. The actions are marked with a Responded tag. Responded actions are purged after 7 days.

Note

  • Actions that are responded to with a boolean input are marked with a Yes or No tag, depending on the input.

  • Actions that are responded to with text, date, integer, or similar input are marked with a Responded tag.

Informational Notifications

Informational notifications are a list of alerts to inform you of the various activities occurring in the application. These notifications do not require any input from you. You can also find the status of the run logs that you export here. Informational notifications are purged after 7 days.

The following are a few examples of informational notifications:

  • Status of run logs export

  • Webhook expiry

  • OpenAPI expiry

  • App instance expiry

  • Tenant expiry

  • System errors

  • Playbook execution failures

  • Playbook updates for the playbooks that you follow

  • Date and time settings updated by the administrator

Note

  • You will receive expiration notifications for the Webhooks, OpenAPI, and app instances that you have created.

  • Admins are notified of system errors, license expiry, and subscription expiry.

  • You will receive the notifications if you have bookmarked the Playbook.

  • All users receive a notification when the administrator enables or disables users to override the date and time settings.

  • All users except those who have overridden the admin settings receive a notification when the administrator updates the date and time configuration.