How do I create a new Alert in I3 Portal?

To create a new Alert in the I3 portal follow the steps below:

  1. Login into I3 Portal
  2. Using the left floating menu navigate to Alerts —> Create
  3. Specify an Alert Name
  4. Specify the Type of the Alert (possible values: Vulnerability, Patch, Exploit, Impact, Malware)
  5. For Vulnerability type of Alerts
    • Check the New Vulnerabilities Only checkbox if you are only interested in received alerts for new published vulnerability (i.e. not for updates or modifications to existing vulnerabilities)
    • In Production Selection, you can specify either a custom filter (i.e. provide your own Publisher and Product names) or an existing ThreatFilter. You will only get alerts for vulnerabilities which meet this criteria
    • You can filter vulnerabilities for alerts based on Rating and / or CVSS V3 Score. Note if you specify CVSS V3 Score as 5.0, then you will only receive alerts for vulnerabilities having CVSS V3 Score greater than equals 5.0
  6. For Patch type of Alerts
    • In Production Selection, you can specify either a custom filter (i.e. provide your own Publisher and Product names) or an existing ThreatFilter. You will only get alerts for vulnerabilities which meet this criteria
  7. For Exploit type of Alerts
    • In Production Selection, you can specify either a custom filter (i.e. provide your own Publisher and Product names) or an existing ThreatFilter. You will only get alerts for vulnerabilities which meet this criteria
  8. For Impact type of Alerts
    • Check the All Assets checkbox if you are interested in Alerts for all assets. Defaults to assets that you own i.e. My Assets
    • Check the Priority Impacts checkbox if you are interested in Alerts only for DoNow priority impacts
    • Specify the Rating based filter for alerts
  9. For Malware type of Alerts
    • Specify Malware Family / Industry / Country / IOC values to filter the alerts
  10. Configure how you would like the Alerts to be delivered. Note single alert can have multiple delivery mechanisms configured. Following mechanisms are supported:
    • Email address – Users will get the Alerts delivered to your Inbox. Specify the email address for the user and click Add
    • Webhooks based delivery is supported for Slack, MS Teams in addition to custom ThreatWorx webhook
  11. Click the Save button