
                          Notifications Management

                          Alerts are used in Sysdig Monitor when Event thresholds have been crossed, and in Sysdig Secure when Policy violations have occurred. Alerts can be sent over a variety of supported notification channels.

                          Notification Management describes how to add, edit, or delete a variety of notification channel types, and how to disable or delete notifications when they are not needed, for example, during scheduled downtime.

                          1 - Set Up Notification Channels

                          In the Settings panel of either Sysdig Monitor or Sysdig Secure, set up the notification channels to be used for alerting.

                          Notification channel management can be finessed by role-based access as follows:

                          • Notification channels can now be “global” or limited to a particular team

                          • Global channels can be managed by admins and can be viewed/used by other roles, while team-limited channels are available only to team members

                          • Team Manager, Advanced User, and Service Manager (Secure) roles can create, update, and delete team-scoped notification channels; they can also read and use the global ones

                          • Standard and View Only roles can read team-limited and global notification channels

                          • Admins will be able to create global notification channels and migrate channels from “global” to “team-limited”, and also from one team to another.

                          Add a Notification Channel

                          To add a new notification channel:

                          1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.

                          2. Select Notification Channels.

                            The Notifications main page is displayed:

                          3. Click Add Notification Channel +, and select the desired notification channel.

                          4. Follow the channel-specific steps to complete the configuration process:

                          After you have set up a notification channel, it will appear as an available option to be assigned when you Add an Alert.

                          Edit a Notification Channel

                          To edit a notification channel:

                          1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.

                          2. Select Notification Channels.

                          3. Locate the target channel and click the Edit button.

                          4. Make the edits and click Done Editing to save the changes.

                          Test a Notification Channel

                          To test a notification channel:

                          1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.

                          2. Select Notification Channels.

                          3. Select the three dots next to a created Notification Channel and click Test Channel.

                          If a notification is not received within 10 minutes, the notification channel is not working, and the configuration should be reviewed.

                          1.1 - Amazon SNS Notifications

                          Sysdig Monitor integrates easily with AWS Simple Notification Service (SNS).

                          On the AWS side:

                          To automatically push Sysdig Monitor alerts to the SNS topic of your choice:

                          1. From the AWS console, open the SNS management console.

                          2. In the Create topic section, Create a new topic (if needed).

                            The topic’s Name, ARN, (optional) Display name, and Topic owner’s AWS account ID are displayed in the Details section.

                          3. Select the topic on the list.

                          4. Expand Access policy - optional.

                          5. Select Basic (By default).

                          6. Under Define who can publish messages to the topic, select Only the specified AWS accounts and enter the Sysdig Monitor account ID: 273107874544 (US-East Only).

                            For account IDs corresponding to other regions, see SaaS Regions and IP Ranges.

                          7. Click Create topic.

                          8. Ensure that you subscribe to the created topic.

                            1. On the navigation panel, choose Subscriptions.

                            2. On the Create subscription page, enter the Topic ARN of the topic you created earlier.

                            3. Specify other details and click Create subscription.

                          For further information about AWS SNS, refer to the AWS documentation.

                          For SNS notification, you can click the ‘help’ button for tips on setting up your SNS topic.

                          You will need to allow publishing rights to the Sysdig Monitor account ID corresponding to your region.

                          This can be done by creating a new policy on your SNS topic in AWS Console as shown in the below images:

                          1. Select “Edit topic policy” as shown below from “Other topic actions.”

                          2. In the “Basic view” tab of the “Edit topic policy” dialog, select “Only these AWS users” from the publisher’s list and enter the Sysdig ID.
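The console steps above amount to a topic policy that lets one AWS account publish. As an added example (not part of the Sysdig or AWS documentation), this Python code builds an equivalent policy document and lists any publisher other than the expected accounts; the topic ARN, owner account, statement ID, and sample policies are constructed, and the policy shape is assumed to match what the console generates.

```python
import fnmatch

SYSDIG_US_EAST_ACCOUNT = "273107874544"  # publisher account ID given on this page (US-East)
OWNER_ACCOUNT = "111122223333"           # constructed topic-owner account
TOPIC_ARN = f"arn:aws:sns:us-east-1:{OWNER_ACCOUNT}:sysdig-alerts"  # constructed


def build_topic_policy(topic_arn, publisher_account):
    """Topic policy that lets exactly one AWS account publish (assumed equivalent
    of choosing "Only the specified AWS accounts" in the console)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowSysdigPublish",  # hypothetical statement ID
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{publisher_account}:root"},
            "Action": "SNS:Publish",
            "Resource": topic_arn,
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _account_of(principal):
    """Reduce an ARN principal to its account ID; other forms are returned unchanged."""
    parts = principal.split(":")
    if parts[0] == "arn" and len(parts) > 4 and parts[4]:
        return parts[4]
    return principal


def _grants_publish(statement):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    patterns = [a.lower() for a in _as_list(statement.get("Action", []))]
    return any(fnmatch.fnmatchcase("sns:publish", p) for p in patterns)


def publishers(policy):
    """Accounts (or "*") that the policy's Allow statements let publish.
    NotPrincipal and NotAction statements are not evaluated here."""
    allowed = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _grants_publish(stmt):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            names = ["*"]
        else:
            names = [n for v in principal.values() for n in _as_list(v)]
        accounts = {_account_of(n) for n in names}
        # The default topic policy pairs a wildcard principal with an
        # AWS:SourceOwner condition; treat that as limited to the named account.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        owner = [v for k, val in cond.items()
                 if k.lower() == "aws:sourceowner" for v in _as_list(val)]
        if "*" in accounts and owner:
            accounts = (accounts - {"*"}) | set(owner)
        allowed |= accounts
    return allowed


def unexpected_publishers(policy, expected_accounts):
    """Sorted list of publishers that are not in the expected set."""
    return sorted(publishers(policy) - set(expected_accounts))


# Constructed sample policies for the audit.
DEFAULT_OWNER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["SNS:Publish", "SNS:Subscribe"], "Resource": TOPIC_ARN,
    "Condition": {"StringEquals": {"AWS:SourceOwner": OWNER_ACCOUNT}}}]}
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "sns:*", "Resource": TOPIC_ARN}]}

if __name__ == "__main__":
    expected = {SYSDIG_US_EAST_ACCOUNT, OWNER_ACCOUNT}
    for name, policy in [("sysdig-only", build_topic_policy(TOPIC_ARN, SYSDIG_US_EAST_ACCOUNT)),
                         ("owner-default", DEFAULT_OWNER_POLICY), ("open", OPEN_POLICY)]:
        print(name, unexpected_publishers(policy, expected))
```
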

                          In the Sysdig Monitor UI:

                          1. Complete steps 1-3 in Set Up a Notification Channel to log in to the Sysdig UI and select Amazon SNS Topic.

                          2. Enter the Topic created on the AWS side, along with a Channel Name, Enablement, and Notification toggles as appropriate.

                          3. From Shared With: Choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                          4. Click Save.

                          1.2 - Email Notifications

                          To send an alert notification via email, you must first set up the email notification channel.

                          To do so, complete steps 1-3 in Set Up a Notification Channel, then:

                          1. Select Email.

                          2. Enter the relevant details for the email notification:

                          3. From Shared With: Choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                          4. Click Save.

                            If you enabled Test notification, a test email will be sent.

                          You can now configure an alert to use email notifications.

                          For on-premises environments, you may need to have pre-configured your SMTP parameters in your Replicated or Kubernetes installation configmap.

                          1.3 - Team Email Notifications

                          You can notify all the users of a team when an alert is triggered. Sysdig allows you to create a new notification channel where you can select a team from a list of existing ones as the target of the channel.

                          To send an alert notification via email to a team, you must first set up the team email notification channel. To do so, complete steps 1-3 in Set Up a Notification Channel, then:

                          1. Select Team Email.

                          2. Enter the relevant details for the email notification:

                            Select the Team Name and specify a Channel Name to identify the channel you are creating.

                          3. From the Shared With drop-down, choose whether to apply this channel globally (All Teams) or to a specific team.

                          4. Click Save.

                            If you enabled Test notification, a test email will be sent.

                          You can now configure an alert to use email notifications.

                          1.4 - PagerDuty Notifications

                          To send an alert notification via PagerDuty, you must first set up the PagerDuty notification channel.

                          Prerequisites

                          • Have an account configured at PagerDuty.com.

                          • Have your PagerDuty credentials available (account, password, and service).

                          • Have the base user role of Manager. With a PagerDuty base user role of Manager, you can auto-fetch the service information during the Sysdig/PagerDuty integration process.

                          • Check your team and base user permissions. If your PagerDuty team permissions are Manager but base user permissions are Responder or lower, you can enter the necessary data in the Sysdig UI manually.

                            Base user roles in the PagerDuty UI.

                          Configure PagerDuty

                          1. To launch the process from the Sysdig UI, complete steps 1-3 in Set Up Notification Channels and select PagerDuty.

                          2. Do one of the following:

                            • Select Auto-fetch when prompted. Ensure that you have the base user role of Manager or higher in PagerDuty.

                            • Select Manual and enter the necessary configuration parameter. Skip to Step 5 for details.

                            Once you complete the pre-configuration, the PagerDuty Integration screen is displayed.

                          3. Do one of the following:

                            • Enter the email and password associated with your PagerDuty account, and click Sign In.

                            • Enter the appropriate PagerDuty subdomain for single sign-on and click Sign In Using Your Identity Provider.

                          4. A PagerDuty service selection screen is displayed.

                            • Option 1: If you have never integrated before, you are prompted to choose a PagerDuty Servicename.

                            • Option 2: If at least one service has already been integrated, you can select that one.

                          5. Click Connect.

                            Once integration is authorized, the Sysdig page for a new PagerDuty notification channel is displayed, with the information auto-filled.

                          6. From Shared With, choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                          7. Do one of the following:

                            • Confirm the auto-populated information and click Save.

                            • If you chose Manual entry in Step 2, then type the information and click Save.

                          You can now Add an Alert to use PagerDuty notifications.

                          Known Issues

                          There is a known issue whereby changing a notification from “Acknowledged” to “Unacknowledged” does not update correctly in PagerDuty.

                          What occurs:

                          • Event has triggered Notification, Notification is sent to PagerDuty.

                          • Open Event and click on “Acknowledge” button in Sysdig.

                          • Notification is sent to PagerDuty, and status is changed to “Acknowledged.”

                          • Open Event and click on “UnAcknowledge” button in Sysdig.

                            Status is not changed in PagerDuty. It remains “Acknowledged” rather than changing to “Triggered” in PagerDuty.

                          1.5 - Slack Notifications

                          To send an alert notification via Slack, you must first set up the Slack notification channel.

                          To do so:

                          Prerequisite:

                          Have a Slack account configured at Slack.com and know which notification channel to use for notifications.

                          1. To launch the process from the Sysdig UI, complete steps 1-3 in Set Up Notification Channels and select Slack.

                            You will be prompted to log in to your Slack account.

                          2. Select a Slack channel from the drop-down list to be used for notifications and click Authorize.

                          3. From Shared With: Choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                          4. Complete configuration as desired and click Done.

                          5. Click Test to check the new functionality.

                          You can now configure an alert to use Slack notifications.

                          1.6 - VictorOps Notifications

                          To integrate with VictorOps:

                          1. Log in to VictorOps.

                          2. Go to Settings > Alert Behavior > Integrations in the VictorOps interface.

                          3. Select REST from the list of Featured Integrations.

                          4. Complete steps 1-3 in Set Up a Notification Channel to log in to the Sysdig UI and select VictorOps.

                          5. Enter the VictorOps parameters in the Sysdig Notification Channel fields, as follows:

                            API Key: everything between “/alert/” and “/$routing_key” in the REST URL

                            Routing Key: A VictorOps way of routing alerts to appropriate teams. See their Routing Keys documentation for details, if needed.

                            Channel Name: Choose a meaningful name like “VictorOps”.

                            Enable the channel and desired notification types.

                          6. From Shared With: Choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                          7. Click Save.

                          1.7 - OpsGenie Notifications

                          1. Go directly to the OpsGenie Integrations Page to configure the integration on the OpsGenie side.

                            OpsGenie maintains documentation on how to integrate with Sysdig products (formerly called Sysdig Cloud) here.

                          2. Complete steps 1-3 in Set Up a Notification Channel to log in to the Sysdig UI and select OpsGenie.

                          3. Copy/paste your OpsGenie integration API key and add a Channel Name, Enablement, and Notification toggles as appropriate.

                          4. From Shared With: Choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                          5. Click Save.

                          1.8 - Configure a Microsoft Teams Channel

                          Sysdig Monitor supports sending an alert notification to Microsoft Teams. Microsoft Teams has different types of integrations for third-party applications, of which Sysdig supports Incoming Webhooks.

                          About Incoming Webhooks

                          Incoming Webhooks are a type of Connector in Teams that provide a simple way for an external app to share content in team channels. They are often used as tracking and notification tools. Microsoft Teams provides a unique URL to which you can send a JSON payload with the message that you want to POST, typically in a card format. Cards are UI containers that contain content and actions related to a single topic and are a way to present message data in a consistent way.

                          You will need to enter the URL that you copied from the Connector. Sysdig will format a message by using a custom card template and send it to the channel. The message will show up as a new notification in the Microsoft application.

                          Prerequisites

                          • Have the destination URL handy. You can copy it from the Connectors > Incoming Webhook window on the Microsoft Teams UI. For more information, see Add an incoming webhook to a Teams channel.

                          • Webhooks via HTTPS work only if a signed or valid certificate is in use.

                          Enable Microsoft Teams

                          1. Complete steps 1-3 in Set Up a Notification Channel and choose Microsoft Teams.

                          2. Enter the configuration options:

                            • URL: The destination URL you have copied from Microsoft Teams UI.

                            • Channel Name: Add a meaningful name for your Microsoft Teams channel.

                            • Enabled: Toggle on or off.

                            • Notification options: Toggle for notifications when alerts are resolved or acknowledged.

                            • Test notification: Toggle to be notified that the configured URL is working.

                            • Shared With: Choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                          3. Click Save.

                          1.9 - Configure a Webhook Channel

                          Sysdig Monitor and Sysdig Secure support sending an alert notification to a destination, such as a website, custom application, and so on for which Sysdig does not have a native integration. Do this using a custom Webhook channel.

                          Prerequisites

                          • Webhooks via HTTPS only work if a signed/valid certificate is in use.

                          • Have your desired destination URL on hand.

                          Enable Webhook

                          1. Complete steps 1-3 in Set Up a Notification Channel and choose Webhook.

                          2. Enter the webhook channel configuration options:

                            • URL: The destination URL to which notifications will be sent.

                            • Channel Name: Add a meaningful name, such as Ansible, PagerDuty, OpsGenie, and so on.

                            • Enabled: Toggle on and off notifications.

                            • Notification options: Toggle for notifications when alerts are resolved or acknowledged.

                            • Test notification: Toggle to be notified that the configured URL is working.

                            • Shared With: Choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                            • Allow insecure connections: Enable if you want to skip the TLS verification.

                            • Custom headers: Add custom headers to your alert notification.

                              If your webhook integrations require additional headers, specify them by using a custom header.

                              For example, Ansible uses token-based authentication, which requires an entry for the bearer token. This entry is not included in the default header, but you can add it using a custom header.

                              Alternatively, you can choose to add custom headers programmatically as described in Configure Custom Headers and Custom Data Programmatically.

                            • Custom Data: Specify the custom data you want to attach to the alert notification. The data must be a valid JSON document. This information will be included in the request body of the HTTP call. Systems that receive these webhook alerts can parse the data and take action based on the contents.

                          3. Click Save.

                          When the channel is created, you can use it on any alerts you create.

                          Then, when the alert fires, the notification will be sent as a POST in JSON format to your webhook endpoint. (See Alert Output, below.)

                          For testing purposes, you can use a third-party site to create a temporary endpoint to see exactly what a Sysdig alert will send in any specific notification.

                          Configure Custom Headers and Custom Data Programmatically

                          By default, alert notifications follow a standard format (see Description of POST Data, below).

                          However, some integrations require additional headers and/or data, which you can append to the alert format using a custom header or custom data entry.

                          For example, Ansible uses token-based authentication, which requires an entry for the bearer token. This entry is not included in the default alert template built into Sysdig, but you can add it using a custom header.

                          In addition to the Webhook UI option, you can do this from the command line, as described below.

                          • additionalHeaders is usually used for authentication

                          • customData is used to add values to the alert

                          After it has been created via the API, any manipulation will mangle the notification channel. Use with care.

                          Sample Use Case

                          This example adds two custom headers and defines additional custom data, as well as the format for that data.

                          1. Use the curl command to retrieve all configured notification channels:

                            curl -X GET https://app.sysdigcloud.com/api/notificationChannels -H 'Authorization: Bearer API-KEY'
                            
                          2. Add the custom headers and execute the request:

                            curl -X PUT https://app.sysdigcloud.com/api/notificationChannels/1 -H 'Authorization: Bearer API-KEY' -H 'Content-Type: application/json' -d '{
                              "notificationChannel": {
                                "id": 1,
                                "version": 1,
                                "type": "WEBHOOK",
                                "enabled": true,
                                "name": "Test-Sysdig",
                                "options": {
                                  "notifyOnOk": true,
                                  "url": "https://hookb.in/v95r78No",
                                  "notifyOnResolve": true,
                                  "customData": {
                                    "String-key": "String-value",
                                    "Double-key": 2.3,
                                    "Int-key": 23,
                                    "Null-key": null,
                                    "Boolean-key": true
                                  },
                                  "additionalHeaders": {
                                    "Header-1": "Header-Value-1",
                                    "Header-2": "Header-Value-2"
                                  }
                                }
                              }
                            }'
                            

                          Standard Alert Output

                          Alerts that use a custom webhook for notification send a JSON-formatted POST body with the following data.

                          Description of POST Data

                          {
                            "timestamp": 1620222000000000, // Time when the alert triggered in microseconds
                            "timespan": 60000000, // duration of the alert in microseconds (how long the value should be true before triggering)
                            "alert": {
                              "severity": 2, // severity from 0 to 7, use severityLabel for a human readable version
                              "editUrl": "https://app-staging.sysdigcloud.com/#/alerts/21998727", // alert edit URL
                              "severityLabel": "Medium", // human readable version of severity
                              "subject": "CPU temp is High on homebridge:9100 is Triggered", // Alert subject
                              "scope": null, // scope of the alert if set from the UI
                              "name": "CPU temp is High", // name of the alert
                              "description": null, // description, not used ATM
                              "id": 21998727, // alert id
                              "body": "CPU temp is High on homebridge:9100 is Triggered\n\n\nEvent Generated:\n\nSeverity:         Medium\n    Metric:\n    node_hwmon_temp_celsius = 65.8121\nSegment:\n    instance = 'homebridge:9100'\nScope:\n    Everywhere\n\nTime:             05/05/2021 01:40 PM UTC\nState:            Triggered\nNotification URL: https://app-staging.sysdigcloud.com/#/events/notifications/l:2419200/14918845/details\n\n------\n\nTriggered by Alert:\n\nName:         CPU temp is High\nTeam:         Monitor Operations\nScope:\n    Everywhere\nSegment by:   instance\nWhen:         avg(avg(node_hwmon_temp_celsius)) > 40\nFor at least: 1 m\nAlert URL:    https://app-staging.sysdigcloud.com/#/alerts/21998727\n\n\n"
                            },
                            "event": {
                              "id": 14918845, // id of the generated event
                              "url": "https://app-staging.sysdigcloud.com/#/events/notifications/l:604800/14918845/details" // url of the event in the feed
                            },
                            "state": "ACTIVE", // status of the alert, can be ACTIVE or OK
                            "resolved": true,
                            "entities": [ // list of entities that triggered the alert, at the moment we send a notification per entity, so this array will always contain a single object
                              {
                                "entity": "instance = 'homebridge:9100'", // segment that triggered
                                "metricValues": [ // value of the metric at the time of triggering
                                  {
                                    "metric": "node_hwmon_temp_celsius",
                                    "aggregation": "avg",
                                    "groupAggregation": "avg",
                                    "value": 65.812167
                                  }
                                ]
                              }
                            ],
                            "endEntities": [ // list of entities when the alert was resolved (same as "entities")
                              {
                                "entity": "instance = 'homebridge:9100'",
                                "metricValues": [
                                  {
                                    "metric": "node_hwmon_temp_celsius",
                                    "aggregation": "avg",
                                    "groupAggregation": "avg",
                                    "value": 39.812167
                                  }
                                ]
                              }
                            ],
                            "condition": "avg(avg(node_hwmon_temp_celsius)) > 40", // alert condition in string form
                            "source": "Sysdig Cloud", // source of the event
                            "labels": { // list of labels associated to this event (they strongly depend on the segmentation and scope of the alert)
                              "instance": "homebridge:9100"
                            }
                          }
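What a receiving endpoint can do with the notification described above, as an added example in Python that is not Sysdig's code: it checks the bearer token the channel sends as a custom `Authorization` header, then validates and extracts the documented fields. The token value, function names, and the trimmed sample body are constructed for illustration.

```python
import hmac
import json
from datetime import datetime, timedelta, timezone

EXPECTED_TOKEN = "example-shared-secret"  # constructed; set as a custom header on the channel
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


class RejectedNotification(Exception):
    """Raised when a request fails authentication or schema checks."""


def authenticate(headers, expected_token=EXPECTED_TOKEN):
    """Verify the bearer token from the channel's custom Authorization header."""
    # Header names are case-insensitive, so do not rely on exact spelling.
    supplied = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = supplied.partition(" ")
    # compare_digest avoids leaking how many leading characters matched.
    ok = hmac.compare_digest(token.strip().encode(), expected_token.encode())
    if scheme.lower() != "bearer" or not ok:
        raise RejectedNotification("missing or invalid bearer token")


def _require(doc, key, kind):
    value = doc.get(key)
    if isinstance(value, bool) or not isinstance(value, kind):
        raise RejectedNotification(f"field {key!r} missing or wrong type")
    return value


def parse_notification(body):
    """Validate the POST body and return the fields a responder needs."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise RejectedNotification("body is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise RejectedNotification("body is not a JSON object")
    alert = _require(doc, "alert", dict)
    severity = _require(alert, "severity", int)
    state = _require(doc, "state", str)
    if not 0 <= severity <= 7 or state not in ("ACTIVE", "OK"):
        raise RejectedNotification("severity or state outside documented values")
    try:
        # "timestamp" and "timespan" are in microseconds.
        triggered = EPOCH + timedelta(microseconds=_require(doc, "timestamp", int))
    except OverflowError as exc:
        raise RejectedNotification("timestamp out of range") from exc
    entities = doc.get("entities")
    entities = entities if isinstance(entities, list) else []
    return {
        "alert_id": _require(alert, "id", int),
        "name": _require(alert, "name", str),
        "severity": severity,
        "severity_label": alert.get("severityLabel"),
        "state": state,
        "triggered_at": triggered.isoformat(),
        "timespan_seconds": _require(doc, "timespan", int) // 1_000_000,
        "entities": [e.get("entity") for e in entities if isinstance(e, dict)],
    }


def handle(headers, body):
    """Authenticate first, so unauthenticated bodies are never parsed."""
    authenticate(headers)
    return parse_notification(body)


# Constructed sample: the POST data shown above, trimmed and without comments.
SAMPLE_BODY = json.dumps({
    "timestamp": 1620222000000000,
    "timespan": 60000000,
    "alert": {"severity": 2, "severityLabel": "Medium",
              "name": "CPU temp is High", "id": 21998727},
    "state": "ACTIVE",
    "entities": [{"entity": "instance = 'homebridge:9100'"}],
})

if __name__ == "__main__":
    print(handle({"Authorization": "Bearer " + EXPECTED_TOKEN}, SAMPLE_BODY))
```
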
                          

                          Example of Failure

                          $ curl -X GET https://app.sysdigcloud.com/api/notificationChannels -H 'authorization: Bearer dc1a42cc-2a5a-4661-b4d9-4ba835fxxxxx’'
                          
                          {"timestamp":1543419336542,"status":401,"error":"Unauthorized","message":"Bad credentials","path":"/api/notificationChannels"}
                          

                          Example of Success

                          $ curl -X GET https://app.sysdigcloud.com/api/notificationChannels -H 'Authorization: Bearer dc1a42cc-2a5a-4661-b4d9-4ba835fxxxxx'
                          {"notificationChannels":[{"id":18968,"version":2,"createdOn":1543418691000,"modifiedOn":1543419020000,"type":"WEBHOOK","enabled":true,"sendTestNotification":false,"name":"robin-webhook-test","options":{"notifyOnOk":true,"url":"https://postb.in/6dtwzz7l","notifyOnResolve":true}}]}
                          $
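Because custom headers can carry bearer tokens, it is worth checking where each webhook channel actually posts. This added example (not Sysdig's code) audits a `notificationChannels` response for non-HTTPS URLs and for request-capture hosts left over from testing; the host list, finding labels, the `EMAIL` type value, and all sample channels except the one shown above are constructed.

```python
import json
from urllib.parse import urlsplit

# Request-capture hosts that appear in this page's samples; extend for your environment.
CAPTURE_HOSTS = {"hookb.in", "postb.in"}
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization"}


def audit_channels(response_text):
    """Return [(channel id, name, [issues])] for webhook channels worth reviewing."""
    findings = []
    for ch in json.loads(response_text).get("notificationChannels", []):
        if ch.get("type") != "WEBHOOK":
            continue
        options = ch.get("options") or {}
        issues = []
        try:
            url = urlsplit(options.get("url") or "")
            host = (url.hostname or "").lower()
            if url.scheme != "https":
                issues.append("not-https")
            if any(host == h or host.endswith("." + h) for h in CAPTURE_HOSTS):
                issues.append("third-party-capture-endpoint")
        except ValueError:
            issues.append("unparseable-url")
        # Only header names are inspected; values are never read or printed.
        header_names = {k.lower() for k in (options.get("additionalHeaders") or {})}
        if issues and header_names & CREDENTIAL_HEADERS:
            issues.append("credential-header-at-risk")
        if issues:
            findings.append((ch.get("id"), ch.get("name"), issues))
    return findings


# Constructed sample response; the first channel is the one from the page's output.
SAMPLE_RESPONSE = json.dumps({"notificationChannels": [
    {"id": 18968, "type": "WEBHOOK", "enabled": True, "name": "robin-webhook-test",
     "options": {"notifyOnOk": True, "url": "https://postb.in/6dtwzz7l",
                 "notifyOnResolve": True}},
    {"id": 2, "type": "WEBHOOK", "enabled": True, "name": "ansible-prod",
     "options": {"url": "http://ansible.example.internal/hook",
                 "additionalHeaders": {"Authorization": "Bearer REDACTED"}}},
    {"id": 3, "type": "WEBHOOK", "enabled": True, "name": "soc-intake",
     "options": {"url": "https://alerts.example.com/sysdig",
                 "additionalHeaders": {"Authorization": "Bearer REDACTED"}}},
    {"id": 4, "type": "EMAIL", "enabled": True, "name": "ops-email", "options": {}},
]})

if __name__ == "__main__":
    for channel_id, name, issues in audit_channels(SAMPLE_RESPONSE):
        print(channel_id, name, ", ".join(issues))
```
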
                          

                          The webhook feature is used to integrate the following channels:

                          1.10 - Configure ServiceNow

                          Sysdig can be integrated with ServiceNow using a custom webhook.

                          ServiceNow Setup

                          Prerequisites

                          • Have a ServiceNow account set up and working.

                          • If necessary, refer to ServiceNow developer documentation here.

                          Create Scripted Rest API Details in ServiceNow GUI

                          1. Log in to ServiceNow (developer entry) and create a Scripted REST API:

                          2. Click New and submit the form with the following:

                            Name: SysdigAlert

                            API ID: sysdigalert

                          3. Return to the Scripted REST APIs and open the resource just created.

                            Scroll down to the related list area, select Resources, and click New. This will create a new Scripted REST API resource.

                          4. Fill in the Name field, for example, Demo.

                          5. Scroll down to Security and clear the checkbox that requires authentication.

                          6. Change the HTTP method from GET to POST.

                          The resource is created.

                          Add Code to the New Scripted API

                          Now give the resource the code to execute.

                          The default objects to work with in a Scripted REST API Resource are response and request.

                          For more details on request and response, see Scripted_REST_Request_API and Scripted_REST_Response_API.

                          The created resource will already have some example code:

                          (function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
                          
                              // implement resource here
                          
                          })(request, response);
                          
                          1. Change this default code to:

                            (function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {

                                // Write the raw body of the incoming webhook request to the system log
                                gs.info(request.body.dataString);

                            })(request, response);
                            
                          2. Note that the resource path to the newly created resource is now visible: /api/snc/sysdigalert.

                            The URL to this resource is https://yourInstance.service-now.com/<resource_Path>, or https://yourInstance.service-now.com/api/snc/sysdigalert.

                          3. Click Submit/Update on this resource.
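Because step 5 above clears the authentication requirement, the resource as written accepts and logs a POST from any caller. The following is an added example, not Sysdig's or ServiceNow's code, of a handler that requires a shared secret and bounds what it logs. The header name, size cap and property name are hypothetical, and it assumes the webhook sender attaches the secret as a custom header.

```javascript
// Added example, not Sysdig or ServiceNow code. The header name, size cap and
// property name below are assumptions chosen for illustration.
var TOKEN_HEADER = 'X-Sysdig-Webhook-Token'; // hypothetical header name
var MAX_BODY_CHARS = 65536;                  // assumed cap on accepted body size

// Compare two strings without stopping at the first differing character.
function constantTimeEquals(a, b) {
    if (a.length !== b.length) { return false; }
    var diff = 0;
    for (var i = 0; i < a.length; i++) {
        diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
    }
    return diff === 0;
}

// request and response have the RESTAPIRequest / RESTAPIResponse shape used on
// this page; log is a function such as gs.info. Returns the status it set.
function handleSysdigAlert(request, response, expectedToken, log) {
    function reply(status) { response.setStatus(status); return status; }

    // Reject callers that do not present the shared secret. An unset secret
    // fails closed instead of matching an empty header.
    var presented = String(request.getHeader(TOKEN_HEADER) || '');
    if (!expectedToken || !constantTimeEquals(presented, String(expectedToken))) {
        return reply(401);
    }

    // Bound the body and require a JSON object or array before logging anything.
    var raw = String(request.body.dataString || '');
    if (raw.length === 0 || raw.length > MAX_BODY_CHARS) { return reply(400); }
    var payload;
    try { payload = JSON.parse(raw); } catch (e) { return reply(400); }
    if (payload === null || typeof payload !== 'object') { return reply(400); }

    // Re-serialise: JSON.stringify escapes embedded newlines, so one request
    // produces exactly one log line.
    log('SysdigAlert: ' + JSON.stringify(payload));
    return reply(200);
}

// In the ServiceNow resource script the call would look like this
// (the property name is hypothetical):
// (function process(request, response) {
//     handleSysdigAlert(request, response, gs.getProperty('sysdigalert.token'),
//         function (msg) { gs.info(msg); });
// })(request, response);
```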

                          Sysdig Webhook Setup

                          Now that the custom API endpoint in ServiceNow is created, you can configure Sysdig alerts to use a custom webhook to trigger the ServiceNow integration.

                          API URL: The URL of the ServiceNow resource created above, for example https://yourInstance.service-now.com/api/snc/sysdigalert

                          Name: ServiceNow (or whatever name you’d like for this Sysdig alert webhook)

                          Notify when OK: Optional

                          Notify when Resolved: Optional

                          Test Notification: Use this toggle and/or set up a test alert as described in the following section.

                          Test Integration

                          To test if this ServiceNow integration is set up and working correctly, you can set up a test alert to trigger.

                          For example, you could create an alert for CPU usage.

                          In ServiceNow, navigate to System Log > All to see a sample triggered webhook.

                          1.11 -

                          Configure IBM Cloud Functions Channel

                          Sysdig supports automatically sending alert notifications to an IBM Cloud Functions Channel. It is generally used for the following use cases:

                          • Configure an IBM Function as a new notification channel in Sysdig Monitor.

                          • Pass extra parameters to an IBM Function.

                          • Modify an IBM Function.

                          • Delete an IBM Function.

                          The following notification channel types are supported:

                          • Public (with or without X-Require-Whisk-Auth header)

                          • Private (using IAM token)

                          To configure IBM Cloud Functions Channel:

                          1. Log in to the Sysdig UI and select IBM Cloud Functions Channel by completing steps 1-3 as described in Set Up a Notification Channel.

                          2. Specify the channel URL.

                            You can specify one of the following channel types.

                          3. Continue with one of the following:

                          Configure a Private Channel

                          Specify the following:

                          • IAM API Key:

                          • Channel Name: A unique name to identify the channel.

                          • Enable the channel and desired notification types:

                            • Enabled: The toggle button to enable or disable the IBM channel.

                            • Notify when Resolved: Send a new notification when the alert condition is no longer triggered. Enable or disable the notification toggle as appropriate.

                            • Notify when Acknowledged: Send a new notification when the alert is manually acknowledged by a user. Enable or disable the notification toggle as appropriate.

                            • Test notification: Send a notification when the changes are saved. Enable or disable the notification toggle as appropriate.

                          • Shared With: Choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                          • Additional Parameters: Specify optional parameters to pass to the function. For example, name: Jane is passed to the action as {name: "Jane"}.

                          Configure a Public Channel

                          Specify the following:

                          • Whisk Auth Token (optional): Provide the Whisk authentication token. If you specify one, the public channel (web action) can only be invoked by requests that provide appropriate authentication credentials. See Securing web actions for more details.

                          • Channel Name: A unique name to identify the channel.

                          • Enable the channel and desired notification types:

                            • Enabled: The toggle button to enable or disable the IBM channel.

                            • Notify when Resolved: Send a new notification when the alert condition is no longer triggered. Enable or disable the notification toggle as appropriate.

                            • Notify when Acknowledged: Send a new notification when the alert is manually acknowledged by a user. Enable or disable the notification toggle as appropriate.

                            • Test notification: Send a notification when the changes are saved. Enable or disable the notification toggle as appropriate.

                          • Shared With: Choose whether to apply this channel globally (All Teams) or to a specific team from the drop-down.

                          • Additional Parameters: Specify optional parameters to pass to the function. For example, hostname: BLR is passed to the action as {hostname: "BLR"}. The URL would be /demo/hello.http?hostname=BLR.

                          2 -

                          Disable or Delete a Notification Channel

                          Temporarily Disable a Notification Channel

                          To temporarily disable a notification channel:

                          1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.

                          2. Select Notification Channels.

                          3. Toggle the Enabled slider to off.

                          Mute Notifications During Downtime

                          Administrators can choose to turn off all alert events and notifications if desired, for example, during a scheduled system downtime.

                          Muting notifications affects all channels globally. When muting is switched on, no notifications will be sent through any configured channel. You can choose whether to notify specific channels that notifications are temporarily disabled. Muting and re-enabling notifications is a MANUAL process.

                          1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.

                          2. Select Notification Channels.

                          3. Select the Downtime toggle.

                            Optional: Check the Yes box to Notify Channels when prompted, and select the desired channels.

                            At this time, only Email and Slack channels can be notified when downtime is started/stopped.

                          Delete a Notification Channel

                          1. Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.

                          2. Select Notification Channels.

                          3. Select the three dots next to a created channel and click Delete Channel.

                          Configure an Alert Start-Up Delay (On-Premises Only)

                          Sysdig alert jobs begin immediately at start-up. However, in instances where Sysdig goes down unexpectedly, or without proper shutdown/startup procedures implemented, data can be missing, triggering alert notifications.

                          A start-up delay in alert jobs can be configured in on-premises environments by setting the draios.alerts.startupDelay parameter. The parameter requires a duration value; the example below shows a duration of 10 minutes:

                          draios.alerts.startupDelay=10m
                          

                          This parameter can be configured for either Replicated or Kubernetes environments:

                          • For Replicated environments, add the parameter to the Sysdig application JVM options list. For more information, refer to the Sysdig Install with Replicated documentation.

                          • For Kubernetes environments, add the parameter to the sysdigcloud.jvm.worker.options parameter in the configmap. For more information on editing the configmap, refer to the On-Premises Installation documentation.