Skip to main content

How to Configure Notification & Ticketing Rules?

The Notification & Ticketing Rules module in the RHL ASM Platform allows you to define custom rules to receive alerts or raise tickets based on specific events. You can configure these rules for categories like security risks, third‑party assets, data leaks, and more.

Each rule can be tailored using:

  • Conditions (e.g., severity, title match)
  • Action Type: Notification or Ticket
  • Detail Type: Summary or Detailed
  • Service: Slack, Email, Jira, or Issue Tracker

These rules help reduce noise and focus your attention on relevant and actionable items.

View or Edit Existing Rules

  1. Navigate to Settings > Notification & Ticketing Rules.
  2. You’ll see a table listing all existing rules with:
    • Name
    • Category
    • Notification Actions
    • Created / Updated info
  3. Use the Edit icon to edit or Delete icon to delete a rule.

Create a New Rule

  1. Click on the Create Rule button.
  2. Fill in:
    • Rule Name
    • Category Type:
      • Security Risk
      • Asset
      • Third Party Asset
      • Data Leak
      • Dark Web
  3. Define filtering conditions:
    • Click + Rule to add a new condition.
    • Use + Group to group multiple conditions.
    • Combine rules with AND / OR logic.
    • Example: 
      Severity >= HIGH
      AND
        Title = "Acao Header Allows Access From A Http Origin"
        Title = "Admin Registration Portal Exposed"
    • Toggle Match All / Filtered to apply logic globally or selectively.
  4. Choose action and delivery:
    • Action: NOTIFICATION or TICKETING
    • Type:
      • DETAILED: Full summary and top 10 instance details
      • SUMMARY: Count-only notification
      • INDIVIDUAL: One ticket per issue
      • GROUPED: One ticket per asset and severity level
    • Service:
      • Slack
      • Email
      • Jira
      • Issue Tracker
  5. Click Submit to save the rule.

⚠️ You must add at least one rule condition to submit the rule, if Match All is not selected.

Notification & Ticketing Rule Types

Notification Types

TypeDescription
DETAILEDSends total count + detailed info of top 10 instances. Best for active monitoring.
SUMMARYSends only total count. Ideal for high-volume, low-detail environments.

Ticketing Types

TypeDescription
INDIVIDUALDefault. Creates separate ticket per vulnerability. Suitable for fine-grained tracking.
GROUPEDNew. Creates a single ticket per asset & severity level. Ideal for reducing ticket volume and improving triage.

Grouped ticket format: <Asset> - <Severity>.
Description includes all grouped vulnerability details.

By configuring rules effectively, your team can reduce noise, prioritize critical issues, and automate workflows across your preferred channels.