11 Notifications
Oracle® Communications Security Shield Cloud Service (Security Shield) Notifications displays notifications when certain conditions occur that need your attention. On the Notifications page, privileged users can view the state of risky call types and manage notifications settings.
Notifications Controls and Actions
The Notifications page displays tabs where you can view the notifications watch list, manage call enforcement notifications, and manage your subscriptions.
The following screen capture shows the Notifications page and its tabs.
Note:
The notifications counter (on the bell icon on the banner) shows the number of notifications currently triggered, not the number of notifications since the last time you viewed the notifications list.
The Notifications Watchlist Tab
The Notifications Watchlist tab displays the list of notification types that Oracle® Communications Security Shield Cloud Service (Security Shield) provides along with their state and trigger times.
The following screen capture shows an example of the Notifications Watchlist tab.
- Triggered – Calls exceeded the upper threshold you set for triggering the notification. When calls fall below the lower threshold you set, the state changes to Not Triggered.
- Not Triggered – Calls did not exceed the upper threshold you set for triggering the notification. When calls exceed the upper threshold you set, the state changes to Triggered.
- Disabled – The notification is disabled.
Security Shield updates the Notifications Watchlist every five minutes. Notifications age out when the source falls below the lower threshold you set. Because you might not see notifications occurring over a weekend, for example, the default age-out is twenty-four hours. When a notification ages out, Security Shield no longer counts the notification as an active notification, but the notifications list still includes the notification.
When the notifications counter displays digits on the bell icon, click the bell and Security Shield displays the Notifications list, as shown in the following example.
Note:
The counter shows the number of notifications currently triggered, not the number of notifications since the last time you viewed the notifications list.
The Notifications Settings Tab
The Oracle® Communications Security Shield Cloud Service (Security Shield) Settings tab displays predefined notifications you can enable or disable. You can also set the thresholds for triggering and clearing the notifications. All notifications default to disabled and all thresholds default to no setting.
The following screen capture shows the notifications with descriptions and the parameters you can set.
Upper Threshold—The point at which Security Shield triggers the notification.
Lower Threshold—The point at which Security Shield clears the notification.
Status—Whether or not the notification is enabled.
Comment—Enter any notes you might want, for example, why you enabled or disabled a notification or why you set the thresholds to certain levels.
The settings take effect when you click Save.
The Notifications Subscriptions Tab
The Subscriptions tab on the Oracle® Communications Security Shield Cloud Service (Security Shield) Notifications page displays information about the subscribers configured to receive notifications when Security Shield detects threat conditions. The Subscriptions tab also displays the Create Subscription button to launch the configuration drawer, as well as filter chips for search operations.
The Subscriptions tab displays filter chips you can use for search and lists your subscribers along with the Alert type, Protocol, Active Status, and Creation Timestamp. In the Search field, you can also enter all or part of a Topic to see a list of only those subscribers.
Definitions of the Columns and Filter Chips
Subscription—The delivery endpoint where Security Shield sends published messages for a particular topic. See Slack and PagerDuty for hooks and integration information. Every message sent out as email contains a link to unsubscribe from the related topic, so Subscribers can unsubscribe themselves from notifications. Only the Privileged Administrator can unsubscribe recipients from HTTPS and Slack notifications. Security Shield updates the subscription list whenever a change is made to the list or when you navigate to the Subscription tab.
Topic—A channel for communicating messages to a subscription. The only topic supported at this time is Alert.
- Email—An email address
- HTTPS—PagerDuty
- Slack—A Slack channel
State—The availability of the subscriber to receive notifications. Active means the subscriber will receive notifications. Pending means Security Shield notified the subscriber about the subscription, but the subscriber has not yet clicked the link in the notification required to activate the subscription.
Created Time Stamp—The day, year, and time when the Privileged User created the subscription.
Create A Notification Subscription
The Create Subscription button launches the Create Subscription configuration drawer where Privileged Users configure Security Shield to send notifications to designated subscribers by way of email, Slack, and PagerDuty services when call threats occur.
Remove Subscriptions
- Privileged Users can remove email, Slack, and PagerDuty subscriptions. See Unsubscribe Users From Notifications.
- Subscribers can unsubscribe only from email notifications. Subscribers use the link included in every notification sent by email.
Notifications Subscriptions Behavior and Configuration Guidelines
Notifications from Oracle® Communications Security Shield Cloud Service (Security Shield) can alert end-users you configure about potentially harmful threats detected by Security Shield. The following information describes how the notifications work.
On the Notifications Settings Tab, Privileged Users can configure settings for triggering and ending specific types of notifications about potentially harmful call-traffic events. On The Notifications Subscriptions Tab, privileged users can Configure Subscriptions to Notifications for the end-users (called subscribers) you want to receive the notifications.
Note:
You cannot alter the messages sent in notifications.
Note:
Security Shield notifications support only one topic (named Alert) at this time.
- up to ten endpoints per topic, which can be a combination of multiple email addresses, one Slack endpoint, and one PagerDuty endpoint.
- up to ten email addresses when you set no Slack and PagerDuty endpoints.
- only one Slack endpoint per topic.
- only one PagerDuty endpoint per topic.
- a group email address as the endpoint.
- Access the Notifications page and go to the Subscriptions tab.
- Configure one or more subscribers whom you want to receive notifications. Security Shield sends a confirmation email to the subscriber that contains a confirmation link and also lists the subscriber on the Subscription table as Pending.
- The subscriber must click the activation link in the email to activate the subscription. When the subscription becomes active, the Subscription table reports the State as Active.
Security Shield Threat Notifications Messages
You can configure Oracle® Communications Security Shield Cloud Service (Security Shield) to send notifications about detected threat conditions by way of email, Slack, and PagerDuty to designated subscribers. Notifications occur when the alert state for a call type changes from Not Triggered to Triggered, according to the thresholds you set.
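The threshold behaviour described above, modelled as an added example (not Oracle's code): a notification triggers when a sample exceeds the upper threshold, clears when it falls below the lower threshold, and publishes a message only on the change from Not Triggered to Triggered. The class and function names, the sample values, and the rejection of a lower threshold above the upper one are assumptions of this sketch.

```python
from dataclasses import dataclass, field

TRIGGERED, NOT_TRIGGERED, DISABLED = "Triggered", "Not Triggered", "Disabled"

@dataclass
class Notification:                     # hypothetical model, not a product API
    name: str
    upper: float                        # triggers when a sample exceeds this
    lower: float                        # clears when a sample falls below this
    enabled: bool = True
    state: str = NOT_TRIGGERED
    published: list = field(default_factory=list)

    def __post_init__(self):
        if self.lower > self.upper:     # assumption of this model
            raise ValueError("lower threshold is above upper threshold")
        if not self.enabled:
            self.state = DISABLED

    def refresh(self, timestamp, value):
        """Apply one watchlist refresh and return the resulting state."""
        if not self.enabled:
            return self.state
        if self.state == NOT_TRIGGERED and value > self.upper:
            self.state = TRIGGERED
            self.published.append(timestamp)   # message only on this change
        elif self.state == TRIGGERED and value < self.lower:
            self.state = NOT_TRIGGERED
        return self.state

def replay(notification, samples):
    """Feed (timestamp, value) samples in order; return the state after each."""
    return [notification.refresh(ts, value) for ts, value in samples]

def active_count(notifications):
    """What the bell counter reports: notifications currently Triggered."""
    return sum(1 for n in notifications if n.state == TRIGGERED)

# Constructed samples: one metric value per five-minute watchlist refresh.
SAMPLES = [("00:00", 4), ("00:05", 12), ("00:10", 8),
           ("00:15", 11), ("00:20", 3), ("00:25", 15)]

if __name__ == "__main__":
    gap = Notification("Elevated Spam Risk Calls", upper=10, lower=5)
    flat = Notification("Elevated Spam Risk Calls", upper=10, lower=10)
    print(replay(gap, SAMPLES), gap.published)
    print(replay(flat, SAMPLES), flat.published)
    print("bell counter:", active_count([gap, flat]))
```

With a gap between the thresholds (10 and 5), the samples 8 and 11 leave the state at Triggered and produce no second message; with both thresholds at 10, the same traffic publishes three messages.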
Notifications include messages that Security Shield publishes to a topic, for example, Alerts. (A topic is a channel for communicating messages to a subscription.) Security Shield delivers each message at least once per subscription. Every email message contains a link to unsubscribe from the related topic. The following table lists and describes the information Security Shield provides for the Alerts topic.
Note:
You cannot edit the content of the messages.
Alert Category | Alert Name | Message |
---|---|---|
Call Enforcement | Elevated Call Blocking % | Title: Security Shield Alert: Higher number blocked calls than expected Message: [Trigger time stamp]. The number of blocked calls exceeded your configured threshold. Please investigate the reason for the number of blocked calls. You may want to reconfigure Security Shield to prevent blocking calls you want. |
Call Enforcement | Elevated Call Redirecting % | Security Shield Alert: High Number of redirected calls than expected [Trigger time stamp]. The number of redirected calls exceeded your configured threshold. The increase may indicate an attack. Please investigate the reason for the number of redirected calls. You may want to reconfigure Security Shield to prevent redirecting calls you want. |
Toll Fraud | Elevated Toll Fraud Attacks | Security Shield Alert: Suspected Fraud on outbound calls. [Trigger time stamp]. Security Shield detected a possible attack against your voice infrastructure from fraudulent outbound calls. Fraudulent outbound calls may result in higher charges from your service provider. Oracle recommends blocking toll fraud calls. |
Traffic Pumping Attacks | Elevated Traffic Pumping Attacks | Security Shield Alert: Security Shield Higher number of calls than expected; possible call flooding detected [Trigger time stamp]. Security Shield detected a possible attack against your voice infrastructure using inflated traffic volumes. Call flooding from traffic pumping may result in service impairment. Your customers may experience difficulty in getting through. Monitor the situation. Oracle recommends throttling traffic pumping calls. |
Call Type | Elevated Spam Risk Calls | Security Shield Alert: More SPAM calls than expected. High number of suspected SPAM calls. [Trigger time stamp]. The number of suspected SPAM calls exceeded the configured threshold. The result may impair service and cause productivity loss. Monitor the situation. If needed, block or throttle SPAM calls until the numbers drop to more normal levels. |
Call Type | Elevated Fraud Risk Calls | Security Shield Alert: Suspected fraud calls [Trigger time stamp]. The number of suspected fraudulent calls exceed the configured threshold. The increase may indicate an attack on your service. Monitor the situation. If needed, block or redirect fraud calls until the numbers drop to more normal levels. |
Call Type | Elevated Spoofed Calls | Security Shield Alert: Higher numbers of spoofed calls than expected. [Trigger time stamp]. The number of suspected spoofed calls exceeded the configured threshold. The increase may indicate a reconnaissance attack, phishing attack, or other malicious behavior. Monitor the situation. If needed, block or throttle spoofed calls until the numbers drop to more normal levels. |
Call Classification | Elevated Risky Calls % | Security Shield Alert: Higher number of Risky calls than expected [Trigger time stamp]. The number of risky calls exceeded the configured threshold. Security Shield detected very suspicious behavior. Monitor the situation. If needed, block, redirect, or throttle the highest risk categories until the numbers drop to more normal levels. |
Configure Subscriptions to Notifications
Privileged users can configure Oracle® Communications Security Shield Cloud Service (Security Shield) to send notifications to designated subscribers about threat conditions that Security Shield detects. You can specify sending notifications by email, Slack, and PagerDuty services.
- up to ten endpoints per topic, which can be a combination of multiple email addresses, one Slack endpoint, and one PagerDuty endpoint.
- up to ten email addresses when you set no Slack and PagerDuty endpoints.
- only one Slack endpoint per topic.
- only one PagerDuty endpoint per topic.
- a group address for the email endpoint.
- Confirm that you are assigned to the Security Shield Configuration Editor and Security Shield Administrator roles.
- The new subscriber must click the link in the email to activate the subscription.
Unsubscribe Users From Notifications
Privileged Users can remove Subscribers from receiving Oracle® Communications Security Shield Cloud Service (Security Shield) notifications with the following procedure. Security Shield updates the subscription list whenever a change is made to the list or when you navigate to the subscription tab.
Confirm you are assigned to the Privileged Users role.
Use the following procedure for unsubscribing recipients from any delivery method through the Subscription tab.
User Groups Required for Managing Notifications
Users who want to view or manage Oracle® Communications Security Shield Cloud Service (Security Shield) Notifications must be assigned to the following user groups according to what they want to see or do.
Access the Notification List (View information)
- OCSS User
- OCSS ACL Editor
- OCSS Configuration Editor
- OCSS Device Configuration Editor
- OCSS User Tracking and Monitoring
- OCSS Administrator
Manage Notification Rules (Set thresholds)
- OCSS Configuration Editor
- OCSS Device Configuration Editor
Manage Notification State Changes (Enable-Disable)
- OCSS Administrator
- OCSS Device Configuration Editor
Enable Notifications and Set the Thresholds
Privileged Oracle® Communications Security Shield Cloud Service (Security Shield) users can enable and disable notifications, as well as set the triggering thresholds.
- Confirm you are assigned to the OCSS Configuration Editor and OCSS Device Configuration Editor user groups to set thresholds for notifications.
- Confirm you are assigned to the OCSS User and OCSS Device Configuration Editor user groups to enable or disable notifications.
Note:
The Settings tab lists and describes the notifications you can configure.