Notifications
Notifications and Notification Channels provide a mechanism for ReflexSOAR to communicate with security teams outside of the ReflexSOAR platform.
Note
Notifications are currently still in the beta phase, but are functional at this time.
Supported Channels
Reflex currently supports the following types of Notification Channels:
Creating Notification Channels
To create a new Channel, the following steps can be used:
- Navigate to the Notifications page
- Click
New Channel - Select the Organization you wish to use
- Select the Channel type
- Provide a name and description for the Channel
- Provide the necessary configuration for your Channel type
- Provide a message template for your Notifications to follow
- Click
Createafter reviewing the configuration
Using Notification Channels
To use Notification Channels to alert you of particular Event, an Event Rule must be created. By selecting the newly created Notification Channel for the Event Rule, you will be alerted via that Channel any time that Event Rule matches an Event.
The Notifier service is the service that handles Notifications and sends them out.
Message Templates
To create effective Notifications to send to your defined Channel, we recommend using Jinja2 to create your message templates.
Jinja is a fast, expressive, extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. Then the template is passed data to render the final document.
By utilizing Jinja to create message templates, you can auto extract fields, such as the Event title or severity fields, and format them to send as a Notification. This allows you to be easily notified of important fields you wish to monitor in your Events.
Example Jinja Template
Below is a brief example of a Jinja2-formatted message template to use when Notifications are sent.