# Notification Management

The CyberCyte Portal allow users to configure the initial settings in a minute. This section includes:

* Notification,
* Reporting,
* Agent deployment,
* Policy management

Also, these configurations can be done manually one by one. But for quick setup, we highly recommend this section. Please navigate to "Most Used" -> "Initial Settings & Deployment" to access. 

<figure><img src="/files/YpQA77AgSPwqOu3pemN2" alt=""><figcaption></figcaption></figure>

Notifications can be also set manually or users can use the wizard to configure it.

## Wizard for Notification Configuration

* The portal has a wizard that guides the users on how to configure important settings in the organization. For access to the wizard please click this icon on the top right side of the web page:

<figure><img src="/files/cCWcFsqLGMfDndysHLec" alt=""><figcaption></figcaption></figure>

* After clicking the wizard icon, the portal will redirect the users to the configuration steps. For notifications, please click the 3rd step and do the steps that are shown in the wizard.

<figure><img src="/files/8eJEXNJog4zsapwosn87" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/SbnGI4BZl0ADlvdA1YVO" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/FXmelFupalmFSwObqc0C" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/L25wkIOHeNrFx8lh8cHv" alt=""><figcaption></figcaption></figure>

## Using Notable Events for Notifications&#x20;

To get notifications for notable events please go to the Rules & Policies -> Query Based Classifications. Please select the "Notable Events" on the artifact type sections search bar and make sure they are all enabled. If they are not enabled, click on the "..." button top left of the table.

After enabling the rules, please go to Settings & Reporting -> Notification Settings -> Notification Parameters. Create a new setting like below:

<figure><img src="/files/tKHjgiN8OIf6FOn8XM9w" alt=""><figcaption></figcaption></figure>

Go to "Settings & Reporting" -> "Notification Settings" -> "Notification Templates" and clone the existing templates by clicking the "..." button on the right side of the grid. The templates are categorized with tags, each tag refers to an analysis.

<figure><img src="/files/OyojLdTglUK7aodR11GQ" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/29Ozzoc2QqS5Rpg3t1bu" alt=""><figcaption></figcaption></figure>

After finishing the editing, save the template and click on the "..." button again. Select "Assign to Notify Rule(s)". Select the rules and click the "Next" button at the top right. By default, we suggest "Threat Analytics: Windows Object and Honeypot Access Events", "Threat Analytics: Windows File Activity Analysis", "Threat Analytics: Windows Sysmon Threat Analysis", and "Windows: Windows Sysmon Analysis" rules, but users can add more or less. The demonstration is below:

<figure><img src="/files/JyPSMPv9v6PdGVAdTNUH" alt=""><figcaption></figcaption></figure>

Select the notification parameter that was just created and recheck the settings. If everything is okay, click on the "Assign" button. From now on, the portal will notify you if some notable event is captured.

<figure><img src="/files/Cat3TMaUvOK0uCx3LliS" alt=""><figcaption></figcaption></figure>

## Manuel Configuration for Notifications&#x20;

To assign and create notifications for Critical and High-Risk events. Please navigate to "Notification Settings Templates" from Settings & Reporting. Choose "Notable Event Notification Template" and click "..." to select "Assign to Notify Rules(s) action. Once selected apply the filter "All: Notable Event" and select the rules to send the notifications. Initially selecting the "Critical Risk Notable Events" and "Malicious Events" is recommended. Follow these steps to configure notifications manually:

1. By default, Twilio SendGrid is used to send the e-mails. A custom e-mail server can be configured from "Settings & Reporting" -> "Organization Settings" -> "Mail Server".

<figure><img src="/files/GoqbOYis7GnaiHRlgTss" alt=""><figcaption></figcaption></figure>

2. The second step is to configure the notification parameters. The parameters can be configured for each notification type. The notification parameters are configured through "Settings & Reporting" -> "Notification Settings" -> "Notification Parameters".

<figure><img src="/files/if0wnqjNCaBH9BZSp4s5" alt=""><figcaption></figcaption></figure>

* Once the notification parameters are configured, "Notification Setting Templates" define the notification messages. The templates are assigned to "Classification Rules" with the type "Notify". To customize a template, please click the "…" button, select the clone, and then edit the cloned template. Through the "…" button, the template is assigned to the classification rules where an alert is to be generated.

<figure><img src="/files/SAweu4hMFq5xNncTNgL8" alt=""><figcaption></figcaption></figure>

* Through classification rules, the notification messages can be customized further under the "Rules & Policies" -> "Artifact Classification" -> "Query Based Classification". Classification rules with the type **"Notify on Match"** is used to execute notifications.

<figure><img src="/files/g8R9V0nZcXFfD8AuWxKS" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudcyte.com/getting-started/configuring-modules/notification-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.