
How to Set Up Notifications Using Spyctl

Configure Notifications using Spyctl to receive alerts for significant Security or Operations events.

Last updated 1 month ago

Prerequisites

  • Install Spyctl

  • Configure Spyctl with a Context

  • Spyderbat Notification Concept

Overview

Spyderbat's notification system has 3 main components:

  • Notification Targets: Named destinations to which notifications can be sent.

  • Notification Templates: Pre-built templates containing most of the information required to create a Notification Config. These templates simplify the configuration process.

  • Notifications: Allow you to configure notifications to the targets for the Notifiable Objects.

For the full documentation of the Spyderbat Notifications System, refer to the Notifications concept page.

How to Set Up Notifications

Spyderbat allows you to configure notifications for a variety of resources and targets, enabling you to streamline your workflow and stay informed about important events. Here’s how you can set up notifications for different targets:


Step 1: Identify Notification Targets/Target Template.

Before you can configure notifications, you need to decide where to send them. Spyderbat supports several Notification Targets, such as:

  • Email

  • Slack Channel

  • Webhook

  • PagerDuty

Ensure that you have already configured the Notification Targets for these destinations before proceeding.

Each Notification Target can be mapped to an optional Custom Notification Template, which defines the structure of the notification. Pre-configured templates help streamline the setup process.

If no template is specified, Spyderbat applies its default template.


Step 2: Access Notification Command Help

To learn more about the spyctl notifications commands and their usage, run the following command:

  spyctl notifications -h

This will display the following help message:

Usage: spyctl notifications [OPTIONS] COMMAND [ARGS]...

Configure notifications for a Spyderbat resource.

Commands:
  configure  Configure notifications for a Spyderbat resource.
  disable    Disable notifications for a Spyderbat resource.
  enable     Enable notifications for a Spyderbat resource.
  list       List notifications on a Spyderbat resource.

The notifications command lets you configure, disable, enable and list notifications. The following sections cover each of them in turn.

Use spyctl notifications <command> --help for more information about a given command.


Step 3: Configure Notifications for a Resource

You can configure notifications for three resources within Spyderbat's Spyctl CLI, namely Saved Queries, Custom Flags, and Agent Health.

In this section we'll learn about configuring notifications for Saved Queries and Custom Flags.

To begin, use the spyctl notifications configure command. Below are the available commands and options.

View Help for the Configure Command:

To view the available options for configuring notifications, use the following command:

  spyctl notifications configure -h

This will display the following help message:

Configure notifications for a Spyderbat resource.

Commands:
  custom-flag  Configure notifications for a custom flag.
  saved-query  Configure notifications for a saved query.
  agent-health Configure notificatons for agent heatlh.

Usage:
  spyctl notifications configure [OPTIONS] COMMAND [ARGS]...

For a Saved Query:

To configure notifications for a saved query, use the following command:

 spyctl notifications configure saved-query -h

This will show the usage and options for configuring notifications for a saved query:

Usage: spyctl notifications configure saved-query [OPTIONS] NAME_OR_UID

  Configure notifications for a saved query.

Options:
  --target-map    Map target names to template names. Can be used multiple times. 
                  Usage: --target-map TGT_NAME=TEMPLATE_NAME
  --targets       The Name or UID of targets to send notifications to.
  --cooldown-by   The cooldown by field(s).
  --cooldown      The cooldown period in seconds.
  --is-disabled   Disable notifications.

To configure a saved query with a target, use the following command:

  spyctl notifications configure saved-query query:uOabbGEeJ \
  --targets "email-target"

In this example:

  • --targets specifies the target (e.g., email) for sending notifications.

  • You can also customize settings like --cooldown or --is-disabled.

Note: You can configure notifications for multiple targets by separating them with commas.

For a Custom Flag:

To configure notifications for a custom flag, use the following command:

spyctl notifications configure custom-flag -h

This will display the usage and options for configuring notifications for a custom flag:

Usage: spyctl notifications configure custom-flag [OPTIONS] NAME_OR_UID

  Configure notifications for a custom flag.

Options:
  --target-map    Map target names to template names. Can be used multiple times. 
                  Usage: --target-map TGT_NAME=TEMPLATE_NAME
  --targets       The Name or UID of targets to send notifications to.
  --cooldown-by   The cooldown by field(s).
  --cooldown      The cooldown period in seconds.
  --is-disabled   Disable notifications.

To configure a custom flag with a target, run:

  spyctl notifications configure custom-flag flag:teauh \
  --targets "pagerduty-target"

This command configures notifications for a custom flag, sending them to the specified target (e.g., PagerDuty).

With these commands, you can configure notifications for saved queries and custom flags, specifying targets, templates, and additional options such as cooldown periods.


Step 4: Test Notifications

After configuring notifications, you can test whether they are properly set up using the command below. This can be done before enabling the notifications.

  spyctl test-notification --target "email-alerts" \
  --template "default-template"

This command sends a test notification to the specified target using the provided template. You have to provide a JSON record file that supplies the template values:

  • For a Custom Flag (Redflag): provide the Redflag record.

  • For a Custom Flag (Opsflag): provide the Opsflag record.

  • For a Saved Query: provide the object record for which the query is saved.

  spyctl test-notification --target "slack-channel" \
  --template "custom-template" \
  --record-file test_record.json

  Option              Description
  -T, --target        Target name or UID to send a test notification to. (Required)
  -P, --template      Template name or UID of the same type as the target. (Required)
  -f, --record-file   File containing a JSON record used to build the notification. (Required)

A test notification should arrive at the target shortly after you run the command.


Step 5: Enable or Disable Notifications

After configuring and testing the notifications, you can toggle their status with the following commands to start receiving real-time notifications:

Enable notifications:

  spyctl notifications enable [OPTIONS] COMMAND [ARGS]...

Example:

  spyctl notifications enable saved-query query:PpEjGdOSUJ

Disable notifications:

  spyctl notifications disable [OPTIONS] COMMAND [ARGS]...

Example:

  spyctl notifications disable saved-query query:PpEjGdOSUJ
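The following script is an added example, not part of Spyderbat's documentation or the spyctl tool, that composes the Step 3 to Step 5 commands (configure, test, enable) for review before they are run. It validates the --target-map pairs (TGT_NAME=TEMPLATE_NAME) and the --cooldown value locally, so a malformed argument is caught before spyctl is invoked. The target names, template names, record file name and resource UIDs are constructed placeholders; the script only prints the command lines and never calls spyctl itself.

```shell
#!/bin/sh
# Added example (not spyctl's own code): build and sanity-check the
# spyctl notification commands from Steps 3-5 before running them.

# Check one --target-map argument of the form TGT_NAME=TEMPLATE_NAME:
# exactly one '=', with non-empty names on both sides.
valid_target_map() {
  case "$1" in
    ''|*=|=*|*=*=*) return 1 ;;
    *=*) return 0 ;;
    *) return 1 ;;
  esac
}

# build_configure_cmd KIND NAME_OR_UID TARGETS [COOLDOWN] [TGT=TEMPLATE ...]
# KIND is saved-query or custom-flag; TARGETS is a comma-separated list
# (the page notes that multiple targets are comma separated); COOLDOWN is
# an integer number of seconds or empty. Prints the command line on stdout.
build_configure_cmd() {
  kind=$1; uid=$2; targets=$3; cooldown=$4; shift 4
  case "$kind" in
    saved-query|custom-flag) ;;
    *) echo "unsupported resource kind: $kind" >&2; return 1 ;;
  esac
  [ -n "$targets" ] || { echo "at least one target is required" >&2; return 1; }
  cmd="spyctl notifications configure $kind $uid --targets \"$targets\""
  if [ -n "$cooldown" ]; then
    case "$cooldown" in
      *[!0-9]*) echo "cooldown must be an integer number of seconds" >&2; return 1 ;;
    esac
    cmd="$cmd --cooldown $cooldown"
  fi
  for pair in "$@"; do
    valid_target_map "$pair" || { echo "bad --target-map value: $pair" >&2; return 1; }
    cmd="$cmd --target-map $pair"
  done
  printf '%s\n' "$cmd"
}

# build_test_cmd TARGET TEMPLATE RECORD_FILE (Step 4): the record file must
# exist, since spyctl needs it to fill in the template values.
build_test_cmd() {
  [ -f "$3" ] || { echo "record file not found: $3" >&2; return 1; }
  printf 'spyctl test-notification --target "%s" --template "%s" --record-file %s\n' "$1" "$2" "$3"
}

# build_enable_cmd KIND NAME_OR_UID (Step 5).
build_enable_cmd() {
  printf 'spyctl notifications enable %s %s\n' "$1" "$2"
}

# Demo with constructed placeholder names: prints the three commands an
# operator would review and then run in order.
demo() {
  tmp_record=$(mktemp)            # stand-in for a real Redflag/Opsflag/object record
  printf '{}\n' > "$tmp_record"   # constructed placeholder content
  build_configure_cmd custom-flag flag:EXAMPLE-UID "pagerduty-target,email-target" 300 \
    pagerduty-target=default-template
  build_test_cmd pagerduty-target default-template "$tmp_record"
  build_enable_cmd custom-flag flag:EXAMPLE-UID
  rm -f "$tmp_record"
}

demo
```

The cooldown check matters operationally: a saved query that matches frequently will page the target on every hit unless --cooldown (seconds) or --cooldown-by is set, so reviewing the composed command before enabling the notification is a cheap way to avoid alert floods.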

All of the commands to manage Notification Targets using Spyctl can be found in the Notification Target Management using Spyctl reference.

All of the commands to manage Notification Templates using Spyctl can be found in the Notification Template Management using Spyctl reference.

To configure notifications for Agent Health, refer to the How to Set up Agent-Health Notifications Using Spyctl tutorial.