Email notifications for Policy Violation alerts

Policy Violation alerts are generated when Xshield policies enforced on the Workload groups are violated. Policy Violation alerts belong to the Traffic alerts category of Xshield alerts and are listed on the Alerts page on the UI. Policy Violation alerts can also be sent as email notifications.


Email notifications

When enabled, the email notifications are sent to the Org Admin and all the Instance Admins, Asset Managers, and Policy Managers of the instance. An email notification is a collection of Policy Violation alerts generated in the instance in the last two minutes.

Alerts listed in an email can be actioned by navigating to the Xshield UI from the email.


Enable email notifications for Policy violations

You must be the Org Admin or the Instance Admin to enable or disable email notifications. Before you enable email notifications, you must enable the Traffic alerts category and set it to Medium or Info.

  • To enable email notifications, go to Settings > Configure > Alert Config and enable Receive email notifications.

Disable email notifications if you do not want the users to receive emails for Policy violations.


Action alerts from email

Email notifications for Policy Violation alerts are expected to be actioned by one of the email recipients once they have been notified. For notified alerts that have not been actioned (Pending status in Xshield), recurring violations (for the Workload group) are not included in the notifications.

  • To log in to Xshield and action the alerts, click the Log in link in the email.

  • Go to Alerts, click Show Filter, select Policy Violation, and action the alerts from their 3-dot menus in the Alerts table.

Actioning an alert has the following impact on the email notification for the alert:

  • Investigate - alert is included in the notification if the Policy violation recurs

  • Dismiss - alert is included in the notification if the Policy violation recurs

  • Suppress - alert is NOT included in the notification for the next 30 days

  • Reactivate - alert is included in the notification if the Policy violation occurs
