Alerts Rules

Alert rule presets can be created here. The preset created here and set as default is automatically applied in all projects.

Other global presets can be imported into projects quickly by clicking the "Import Global Preset" button under project settings. If there is a global default preset, rules entered at the project level work alongside it, and alerts are sent for all conditions that satisfy either. Global presets imported into a project can be edited within that project. However, the changes apply only to the project-level rules.

A preset can be created by clicking the "+Add Preset" button. A preset needs to be given a name, and you can insert rules by clicking the "+Define New Rule" button.

The available selections are as follows. All combined selections, indicated by a + sign below, are treated as "AND" statements:

1. OWASP Top 10 Category + Severity Level: OWASP Top 10 categories can be used on their own to send alerts whenever vulnerabilities in that category are discovered or can be combined with the severity level.

2. PCI Requirement + Severity Level: PCI Requirement categories can be used on their own to send alerts whenever vulnerabilities in that category are discovered or can be combined with the severity level.

3. Severity Level + OWASP Top 10 Category: Severity level can be used on its own to send alerts whenever vulnerabilities at that severity level are discovered or can be combined with the OWASP category.

4. Scan Risk Score: Alerts can be sent when the risk score of a scan is higher than a specific risk score or the organization's risk score.

5. WOE in Days + Severity Level + OWASP Top 10 Category: If alerts are to be sent when particular vulnerabilities remain open for more than a certain amount of time (in days), then WOE in days should be selected first, and then it should be combined with severity and OWASP categories. WOE in Days can also be chosen alone, which will send alerts for all vulnerabilities remaining open for more than the specified number of days.

Kondukto sends a second alert one week after the first notification if the issue is still open. If e-mail is selected as the notification channel, the second alert is sent with all team leads in the project cc'd on the e-mail.

6. Scan Frequency: Notifications can be sent when the project has not been scanned for more than a certain amount of time (in days).

7. Scan Duration: Notifications can be sent when a scan takes longer than a specific time.

All rules entered appear on the Alert Rules table, consisting of Rule Name, Value, and Action columns. Editing and deleting are available on the Actions column for each alert rule created.
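
The combination semantics described above (selections joined by + are ANDed within a rule, and a global default preset applies alongside project-level rules) can be checked against a small local model. This is an added example, not Kondukto code or its API; the class and field names, the exact-match treatment of severity, and the sample rules and findings are assumptions.

```python
# Added illustration, not Kondukto code or API; every name here is hypothetical.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    owasp: Optional[str] = None      # None means "not selected" in the rule
    severity: Optional[str] = None   # assumed exact match, not a threshold
    woe_days: Optional[int] = None   # alert when open for MORE than this


@dataclass(frozen=True)
class Finding:
    title: str
    owasp: str
    severity: str
    days_open: int


def matches(rule: Rule, f: Finding) -> bool:
    """Every selection set on the rule must hold: the '+' is an AND."""
    return ((rule.owasp is None or rule.owasp == f.owasp)
            and (rule.severity is None or rule.severity == f.severity)
            and (rule.woe_days is None or f.days_open > rule.woe_days))


def fired_rules(f, global_default, project_rules):
    """Global default preset and project rules are evaluated side by side."""
    return [r.name for r in (*global_default, *project_rules) if matches(r, f)]


# Constructed sample data (OWASP labels are placeholders for the UI choices).
GLOBAL_DEFAULT = [Rule("critical-any", severity="critical")]
PROJECT_RULES = [
    Rule("injection-high", owasp="A03", severity="high"),
    Rule("stale-high-injection", owasp="A03", severity="high", woe_days=30),
    Rule("stale-any", woe_days=90),
]
FINDINGS = [
    Finding("SQLi in /login", "A03", "high", 45),
    Finding("Weak TLS config", "A02", "critical", 3),
    Finding("Verbose error page", "A05", "low", 120),
]

if __name__ == "__main__":
    for f in FINDINGS:
        print(f.title, "->", fired_rules(f, GLOBAL_DEFAULT, PROJECT_RULES))
```

A finding that matches several rules fires each of them, which is worth keeping in mind when a broad global default overlaps with narrower project rules.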