Supported Notifications
A notification is a link between a template, an endpoint, and an event. In the notification properties, you define the event and the rules that trigger the notification, the template to execute, and the external endpoint. The templates support a subset of the available notifications. It is highly recommended to configure deduplication for RPZ events and to exclude a feed that is automatically populated by Threat Analytics.
| Notification | Description |
| --- | --- |
| DNS RPZ | Malicious or unwanted DNS queries |
| DNS Tunneling | Data exfiltration occurring on the network |
| Security ADP | Malicious or unwanted DNS queries (via ADP) |
| Object Change Fixed Address IPv4 | Added/Deleted fixed/reserved IPv4 objects |
| Object Change Host Address IPv4 | Added/Deleted host IPv4 objects |
| Object Change Fixed Address IPv6 | [Dynamic Only] - Added/Deleted fixed/reserved IPv6 objects |
| Object Change Host Address IPv6 | [Dynamic Only] - Added/Deleted host IPv6 objects |
| Object Change Network IPv4 | Added/Deleted network IPv4 objects |
| DHCP Leases | DHCP lease events |
| Discovery (Network Insight) | Added addresses discovered by Network Insight |