Configuring Notifications in Invicti Enterprise

Creating notifications

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

You can create notifications in Invicti Enterprise to be informed when scans are launched or fail and when issues are identified.

  • Not all web applications and vulnerabilities have the same criticality. The urgency of fixing a cross-site scripting (XSS) vulnerability on a staging website differs from that of the same vulnerability on a live website.
  • The live website needs immediate attention because it is reachable by the public, so attackers can find the vulnerability and exploit it.

As an automated application security tool, Invicti can scan your web application. Further, the tool can inform you about the scans – when launched and finished – via email and SMS. The tool can also notify recipients external to Invicti, following a Scan Completed event. So, you and your team members can be notified about the status of a web application security scan or when specific vulnerabilities are identified on the web applications you are scanning.

Sending issues automatically

Invicti can also send identified issues to an issue tracking system. If you integrate Invicti with an issue tracking system, such as Jira, and configure the notification accordingly, Invicti creates the issues in that system automatically. This helps developers start fixing vulnerabilities right away. For further information, see Configuring notifications to report vulnerabilities to an issue tracking system.

This topic explains how to create and configure notifications. For managing existing notifications, see Managing Notifications.

New Notification fields

This table lists and explains the fields on the New Notification page.

Name – The name of the notification. The default notification names are descriptive, corresponding to the event reported. When you create your own notification, you can enter whatever name you wish.

Event – The scan event that triggers the notification. The options are:
  • New Scan
  • Out-of-date Technology
  • Scan Cancelled
  • Scan Failed
  • Scan Completed
  • Scheduled Scan Launch Failed

Status – Indicates whether the notification is Enabled or Disabled.

Group – When enabled, notifications raised within a specified period are combined into one summary notification instead of being sent separately. When the option is enabled, a slider is displayed that sets the period, ranging from 10 to 240 minutes. The options are:
  • Disabled
  • Enabled

Website Scope – Determines which websites or website groups the notification applies to. The options are:
  • Any Website – The notification applies to all websites.
  • Website Group – Notifications are sent if the scan is related to any website in the group. When this option is selected, a drop-down appears so that you can select a website group.
  • Website – Notifications are sent if the scan is related to the selected website. When this option is selected, drop-downs appear to select a website and the relevant scan group; select a scan group to receive notifications about that scan group. For further information, see Scan Groups in Invicti Enterprise.

User Scope – Indicates who receives the notification. There are two options:
  • Any User – Any member of the account receives the notification.
  • Self – Only the user who created the notification receives it.
The User Scope field is only shown to users who have the Manage Notifications (Account) permission.

Email Recipients – A list of the names and email addresses of the recipients that will receive an email notification. The following special recipients are available:
  • Website Technical Contact – the person assigned as the technical contact when the website was added.
  • Person Who Started Scan – the person who launched the scan.
  • All Authorized – all users within the account.
  • Account Admins

SMS Recipients – A list of the names and phone numbers of the recipients that will receive an SMS notification. For further information about SMS configuration, see Configuring the User Profile for Notifications. The following special recipients are available:
  • Website Technical Contact – the person assigned as the technical contact when the website was added.
  • Person Who Started Scan – the person who launched the scan.
  • All Authorized – all users within the account.
  • Account Admins

Add Attachment Report – Displayed only when Scan Completed is selected in Event. It lets you specify one or more reports, by report type and format, to send as email attachments. Select New Report to add a report and Clear to delete it.

Excluded Recipients – A list of the names of recipients that will not receive notifications related to this rule.

Integration Endpoints – A list of configured integrations; select the endpoint to send to, if required. This field is currently only available if you select New Scan or Scan Completed in the Event drop-down.

Add Filter – Displayed only when Scan Completed is selected in Event. It lets you specify filtering options for vulnerabilities; only vulnerabilities matched by the filter are included in the notification. Select New Filter to add a filter and Clear to delete it. Each filter has three parts: Field, Operator, and Value.

How to create a notification
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Notifications > New Notification.
  3. In the Settings section, configure the following fields:
    • In the Name field, enter the name of the new notification.
    • In the Status field, select Enabled or Disabled.
    • From the Event drop-down, select the relevant option.
    • In the Group field, select Enabled or Disabled.
    • From the Website Scope field, select the relevant option.
    • From the User Scope field, select the relevant option.
  4. In the Email/SMS Recipients section, configure the following fields:
    • In the Email Recipients field, select or enter a recipient. You can add registered users or external email addresses.
    • In the SMS Recipients field, select or enter a recipient.
  5. If you selected Scan Completed from the Event drop-down, the Add Filter and Add Attachment Report options are activated. Set your filters, if required. For further information, see Filters for Email/SMS Recipients and Integration Endpoint.
  6. In the Excluded Recipients field, select or enter a recipient.
  7. In the Integration Endpoints field, select an integration, if required. When Scan Completed is selected from the Event drop-down, you can also add a filter for the integration. For further information, see Filters for Email/SMS Recipients and Integration Endpoint.
  8. Select Save.

How the scope affects notification

Website scope and user scope together determine who receives notifications, and for which websites and website groups, so choose both scopes carefully.

For example, if ‘Any Website’ and ‘Any User’ are selected, notifications are sent for all websites on the account, regardless of whether a given user has access to that website.

The following table shows who receives notifications under each combination of scopes:

Website Scope    User Scope    Notification
Any Website      Any User      All users
Any Website      Self          Only the creator
Website Group    Any User      Users authorized for the website group
Website Group    Self          Only the creator
Website          Any User      Users authorized for the website
Website          Self          Only the creator

Filters for Email/SMS Recipients and Integration Endpoint

While creating a notification, you can configure it to send email and SMS notifications for selected events, and you can apply filters to those email and SMS notifications.

  • For example, you may want to receive an email notification only if Invicti Enterprise identifies a vulnerability whose severity level is High or above. With such a filter, Invicti sends a notification only when it detects a matching vulnerability.
  • Otherwise, it sends no notification. If you do not set any filters, you receive notifications about all vulnerabilities.

Similarly, issues are sent to integrations according to the filters you specify. If you do not specify any filters, all detected issues are sent to the integrations you selected. Filters let you make what is sent to an integration more targeted.

This table lists and explains the options available in the Field column of Add Filter.

Severity – Specify a Severity level, and use the Operator to define how it is compared (for example, High or above). For further information about severity levels, see Vulnerability Severity Levels.

Is Confirmed – Use this filter to be notified about issues that Invicti has confirmed (verified).

Certainty – Specify a Certainty percentage (between 0 and 100) reflecting how accurate the finding is, and use the Operator to define how it is compared.

State – Specify an issue State. Use this filter to receive a notification based on the status of the issue(s). This option only appears in Integration Endpoint filtering. The states are:
  • New – The issue has been identified for the first time.
  • Not Found – Invicti did not find this vulnerability in that scan.
  • Not Fixed – The vulnerability has not been fixed.
  • Fixed – The vulnerability has been fixed.
  • Revived – The issue had been fixed in previous scans but has reappeared.
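As an added example (not Invicti's own code), the following Python models how Add Filter rows (Field, Operator, Value) narrow the issues that a Scan Completed notification or an integration endpoint would carry. The severity ordering and the AND-combination of several filter rows are assumptions, and the issue records are constructed.

```python
import operator

# Assumed severity ordering, lowest to highest; the page does not list it.
SEVERITY_ORDER = {"Information": 0, "Best Practice": 1, "Low": 2,
                  "Medium": 3, "High": 4, "Critical": 5}
STATES = {"New", "Not Found", "Not Fixed", "Fixed", "Revived"}
OPERATORS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt,
             ">=": operator.ge, "<": operator.lt, "<=": operator.le}

def normalise(field, value):
    """Map an issue or filter value to something the operators can compare."""
    if field == "Severity":
        return SEVERITY_ORDER[value]  # KeyError on an unknown level
    if field == "Certainty":
        if not 0 <= value <= 100:
            raise ValueError("Certainty must be between 0 and 100")
        return value
    if field == "Is Confirmed":
        return bool(value)
    if field == "State":  # only offered for Integration Endpoint filters
        if value not in STATES:
            raise ValueError(f"unknown state {value!r}")
        return value
    raise ValueError(f"unknown filter field {field!r}")

def matches(issue, filters):
    # Assumption: several filter rows on one notification are ANDed together.
    return all(OPERATORS[op](normalise(field, issue[field]), normalise(field, value))
               for field, op, value in filters)

def issues_to_send(issues, filters):
    """Return the ids of the issues the notification would carry."""
    return [i["id"] for i in issues if matches(i, filters)]

# Constructed sample issues from a hypothetical scan, not real findings.
SAMPLE_ISSUES = [
    {"id": 1, "Severity": "Critical", "Is Confirmed": True, "Certainty": 100, "State": "New"},
    {"id": 2, "Severity": "High", "Is Confirmed": False, "Certainty": 90, "State": "Revived"},
    {"id": 3, "Severity": "Medium", "Is Confirmed": True, "Certainty": 100, "State": "Not Fixed"},
    {"id": 4, "Severity": "High", "Is Confirmed": True, "Certainty": 60, "State": "Fixed"},
]

if __name__ == "__main__":
    # The page's example: notify only for High or above.
    print(issues_to_send(SAMPLE_ISSUES, [("Severity", ">=", "High")]))  # [1, 2, 4]
```

With no filter rows, every issue is sent, which matches the page's statement that unfiltered notifications cover all vulnerabilities.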

How to configure a notification to email a report after a scan

  1. Log in to Invicti Enterprise.
  2. From the main menu, select Notifications > Manage Notifications.
  3. For any notification with an Event of Scan Completed, select Edit.
  4. If required, in the Email Recipients field, enter additional registered recipients or a valid email address of an external recipient.
  5. In the Add Attachment Report field, select New Report. The Report and Format drop-downs are displayed.
  6. From the Report and Format drop-downs, select the report(s) to attach to the email notification (a maximum of three report types is allowed).
  7. Select Save.

When a configured scan completes, the specified reports are sent as email attachments in the notification email sent to the specified recipients.