Manage Notification Channels
Supported Notification Channels
The tables below show which notification channel types are supported in Sysdig Secure and Sysdig Monitor, and for which use cases within each product.
Supported Channels in Sysdig Secure
| Notification Channel | Threat Detection Policies | Vulnerability Policies | Automations | Reports | |
|---|---|---|---|---|---|
| Amazon SNS | X | ||||
| X | X | X | X | ||
| Microsoft Teams | X | X | X | ||
| OpsGenie | X | ||||
| PagerDuty | X | X | |||
| Prometheus Alertmanager | X | ||||
| Slack | X | X | X | X | |
| Sysdig Team Email | X | ||||
| VictorOps | X | ||||
| Webhook | X | X | X |
Supported Channels in Sysdig Monitor
| Notification Channel | Alerts | Silence Rule Notifications | Cost Advisor Reports |
|---|---|---|---|
| Amazon SNS | X | ||
| Custom Webhook | X | ||
| X | |||
| Google Chat | X | ||
| IBM Cloud Functions | X | ||
| IBM Event Notifications | (IBM Only) | ||
| Microsoft Teams | X | ||
| OpsGenie | X | ||
| PagerDuty | X | ||
| Prometheus Alertmanager | X | ||
| Slack | X | X | X |
| Sysdig Team Email | X | ||
| VictorOps | X | ||
| Webhook | X |
Control Access to Channels
Notification channel management can be fine-tuned by role-based access as follows:
Notification channels can be global or limited to a particular team.
Global channels can be managed by admins and can be viewed/used by other roles, while team-limited channels are available only to team members.
Team Manager , Advanced User, and Service Manager (Secure) roles can create/update/delete team-scoped notification channels. They can also read and use the global ones.
Standard and View Only roles can read team-limited and global notification channels.
Admins can create global notification channels and migrate channels from “global” to “team-limited”, and also from one team to another.
Add a Notification Channel
To add a new notification channel for alerting:
Log in to Sysdig Monitor or Sysdig Secure as an Admin.
Select Settings from the user menu in the bottom left corner.
The Settings page appears.
Select Notifications Channels under Outbound Integrations.
The Notifications main page is displayed:
Select Add Notification Channel.
Follow the channel-specific steps to complete the configuration process.
Share a Notification Channel
When you configure a notification channel, you can choose whether the channel should be Shared With the Current Team you are logged in as, or with All Teams.
Notification channels created by one team cannot be shared with just with one other team. To use a channel created by another team, ensure the channel is Shared With All Teams in the channel configuration.
Edit a Notification Channel
To edit a notification channel:
Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.
Select Notification Channels.
Click the target channel.
Make the edits and click Save.
Test a Notification Channel
To test a notification channel:
Log in to Sysdig Monitor or Sysdig Secure as administrator and select Settings.
Select Notification Channels.
Select the three dots next to a created Notification Channel and click Test Channel.
If a notification is not received within 10 minutes, the notification channel is not working, and the configuration should be reviewed.
Report Unsuccessful Notification Attempts
When an unsuccessful notification has been attempted on a given notification channel, Sysdig Events are generated to warn you about it. At the fifth failed notification attempt, the notification channel will be disabled and a corresponding Sysdig Event will be generated. To view the list of Sysdig Events:
Log in to Sysdig Monitor and select Events.
On the Events page, select Sysdig from the All Types drop-down.
Disable a Notification Channel
Sometimes, a notification channel has outlived its use, or must be temporarily disabled due to noise while an underlying issue is investigated.
To temporarily disable a notification channel:
Log in to Sysdig Monitor or Sysdig Secure as administrator.
Select Settings > Notification Channels.
Identify a channel, and toggle the Enabled slider off.
To re-enable the channel, toggle the slider on.
Delete a Notification Channel
Log in to Sysdig Monitor or Sysdig Secure as administrator.
Select Settings > Notification Channels.
Select the three-dot menu icon on the right side of a channel listing.
Select Delete Channel.
Configure an Alert Start-Up Delay (On-Premises Only)
In Sysdig Monitor, alert jobs begin immediately at start-up. However, in instances where Sysdig goes down unexpectedly, or without proper shutdown/startup procedures implemented, data can be missing, triggering alert notifications.
A start-up delay in alert jobs can be configured in on-premises
environments, by setting the draios.alerts.startupDelay parameter. The
parameter requires a duration value; the example below shows a duration
of 10 minutes:
draios.alerts.startupDelay=10m
This parameter can be configured for Kubernetes environments:
- For Kubernetes environments, add the parameter to the
sysdigcloud.jvm.worker.optionsparameter in theconfigmap.
For more information on editing the configmap refer to the On-Premises Installation documentation.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
