SCM allows administrators to send email and slack notifications when certain conditions are met during an SCM import. Notifications are configured within the Account Settings page here.
Click + Add a notification
- Object - This is linked to the control category (EDR, Email, Endpoint Management)
- Control Failure State - Each control category has a list of available failure states to choose from (No EDR, Reduced Functionality Mode, Misconfigured policy setting).
- Time in State - Prelude tracks the number of subsequent days an object has been in a failure state. Notifications can be configured to send only devices that have been in a failure state for a minimum amount of time. This helps reduce noise from newly built systems and any type of transient condition. If set to 0, alert will contain all objects in the failure state. If set to 1 or more, only objects that have been in the failure state for 1 or more days will be included in the notification
- Filter (optional) allow the filtering of objects in the notification. (Example - Ownership is not personal)
- Frequency - Frequency and schedule of the notification
- Email - SCM will email users (comma seperated list) on the frequency provided.
- Slack - SCM uses a slack webhook (configuration required) to notify slack users of the failure condition.
