Alert rules send automated alerts about events that Kondukto is aware of. When enabled, Kondukto sends alerts about completed and failed scans by default. Users can also create custom rules for more specific cases and set rules at both the global and the project level.
A global preset rule that is set as default is automatically applied to all projects. Other global preset rules can be imported into projects quickly by clicking the "Import Global Preset" button. If there is a global default preset rule, rules entered at the project level work alongside it, and alerts are sent for every condition that any of them satisfies. Users can edit global preset rules imported into a project from within that project; however, the changes apply only to the project-level rules.
For email, alerts can be sent either to team leads only or to all team members in the project. Regardless of the selection made, and even if no selection is made, notifications can be sent to other Kondukto members by selecting them in the Additional Email Recipients section.
Custom rules can be created by clicking the "Add Custom Alert" button. The available selections are listed below; selections joined by a + sign are combined as "AND" statements:
OWASP Top 10 Category + Severity Level: OWASP Top 10 categories can be used on their own to send alerts whenever vulnerabilities in that category are discovered, or can be combined with the severity level.
PCI Requirement + Severity Level: PCI Requirement categories can be used on their own to send alerts whenever vulnerabilities in that category are discovered, or can be combined with the severity level.
Severity Level + OWASP Top 10 Category: Severity level can be used on its own to send alerts whenever vulnerabilities of that severity are discovered, or can be combined with the OWASP category.
Scan Risk Score: Alerts can be sent when the risk score of a scan is higher than a certain risk score or the organization's risk score.
WOE in Days + Severity Level + OWASP Top 10 Category: To send alerts when specific vulnerabilities remain open for more than a certain amount of time (in days), select WOE in Days first, then combine it with severity and OWASP categories.
WOE in Days can also be selected alone, in which case alerts are sent for all vulnerabilities that remain open for more than the specified number of days.
Kondukto sends a second alert one week after the first notification if the issue is still open.
If email is selected as the notification channel, the second alert is sent with all team leads in the project cc'd.
Scan Frequency: Notifications can be sent when the project has not been scanned for more than a certain amount of time (in days).
Scan Duration: Notifications can be sent when a scan takes longer than a certain number of minutes.
All rules entered appear in the Alert Rules table, which consists of Rule Name, Value, and Action columns. Editing and deleting are available in the Actions column for each alert rule.
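The matching behaviour described above (combined selections as AND, a global default rule working alongside project rules, and the WOE reminder one week later) can be modelled as follows. This is an added illustration, not Kondukto's code or API: the Rule and Vuln classes, the function names, exact-match severity comparison and daily evaluation are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

@dataclass(frozen=True)
class Vuln:                       # constructed record, not Kondukto's schema
    severity: str
    owasp: str
    opened: date
    closed: Optional[date] = None

@dataclass(frozen=True)
class Rule:                       # hypothetical model of one custom alert
    name: str
    woe_days: Optional[int] = None
    severity: Optional[str] = None
    owasp: Optional[str] = None

def matches(rule: Rule, vuln: Vuln, today: date) -> bool:
    """Every selection set on the rule must hold (AND); unset ones are ignored."""
    if vuln.closed is not None and vuln.closed <= today:
        return False              # closed findings no longer alert
    if rule.severity is not None and vuln.severity != rule.severity:
        return False              # assumption: exact severity match
    if rule.owasp is not None and vuln.owasp != rule.owasp:
        return False
    if rule.woe_days is not None and (today - vuln.opened).days <= rule.woe_days:
        return False              # must be open for MORE than N days
    return True

def triggered(rules: List[Rule], vuln: Vuln, today: date) -> List[str]:
    """Global default and project rules work alongside each other: list all that match."""
    return [r.name for r in rules if matches(r, vuln, today)]

def woe_alert_dates(rule: Rule, vuln: Vuln) -> List[date]:
    """First alert once the threshold is exceeded, a second one week later if still open."""
    if rule.woe_days is None:
        return []
    first = vuln.opened + timedelta(days=rule.woe_days + 1)
    return [d for d in (first, first + timedelta(days=7)) if matches(rule, vuln, d)]

# Constructed sample data
GLOBAL_DEFAULT = Rule("global: any critical", severity="critical")
PROJECT_RULE = Rule("project: injection open > 30d", woe_days=30,
                    severity="critical", owasp="Injection")
VULN = Vuln("critical", "Injection", opened=date(2024, 1, 1))

if __name__ == "__main__":
    print(triggered([GLOBAL_DEFAULT, PROJECT_RULE], VULN, date(2024, 1, 15)))
    print(woe_alert_dates(PROJECT_RULE, VULN))
```

A vulnerability closed between the first alert and the one-week mark produces only the first date, which is the case worth checking when a reminder is expected but never arrives.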