Alert Configurations

Alert Configurations

Home > Digital Experience Management > Alerts > Alert Configuration

About Alert Configurations

Netskope’s Digital Experience Management (DEM) provides you with alerts about key events. The Alert Configurations page gives you the ability to customize the criteria for specific alerts. You can configure alert notifications to be sent via email, Slack, and custom webhooks. To learn more about notification methods please see, Notification Methods.

The Alerts and Alert Configurations features are RBAC-enabled. To configure alerts and webhooks you need to set the permissions to “view” or “manage” to view these features.

About Alerts

The alerting system is an important component of DEM as it enables you to proactively monitor the performance of your digital services without constantly keeping an eye on your dashboards. You can view a log of triggered alerts on the Alerts page of your tenant. To learn more about the Alerts page, please see About Alerts

Types of Supported Alerts

The Alerts Configuration page gives you the ability to configure four types of alerts:

  • Tunnel Status Alerts: These alerts monitor the availability of the IPSEC and GRE tunnels. The status of IPSEC tunnels is determined by the connection status. For GRE, a combination of traffic and tunnel probes are used to measure if the GRE tunnel is up or down.
  • Tunnel Flapping Alerts: These alerts monitor the stability of the tunnels. This alert type is useful for identifying tunnels with unstable connections. Identifying which tunnels have unstable connections will allow network administrators to take corrective action and ensure network reliability.
  • Service Redirect Alerts: These alerts monitor the status of Netskope services. These alerts are designed to inform you about the operational state of services in a Point of Presence (POP) that you utilize. This data provides you with awareness about any issues that might impact user experiences. These alerts indicate when Netskope is addressing a service disruption by redirecting traffic or taking other mitigating actions. In most cases, this is an informational alert with no action needed on your end. However, if you think that an alert might correlate to any issues in your network, please open a case with the network support team.
  • Publisher Resource Utilization Alerts: These alerts allow NPA customers to monitor the resource utilization (CPU, Memory, and Storage) of publishers and get alerted when they meet a certain threshold.

About the Alert Configurations Page

The Alert Configurations page displays a list of your enabled and disabled alert configurations, and ability to edit them. Enabled configurations are actively monitored by the alerts platform while disabled configurations are ignored until they are enabled again. This page also gives you the ability to create new alert configurations and create new notification methods.

The Alerts Configurations page provides you with the following capabilities:

  1. Alert Configurations Table: The table of information displays a list of your existing alert configurations. The following is a list of the columns on the alert configurations table:
    1. Trigger: Trigger provides the current status of these alerts. 
    2. Alert Configuration Name: The name that you created for an alert during the alert configuration process.
    3. Category: The category that the alert belongs to. There are three categories:
      • Network
      • Platform
      • Private Apps
    4. Type: Which of the four types an alert is. There are four alert types:
      • Tunnel Status
      • Tunnel Flapping
      • Service Status
      • Publisher Resource Consumption
    5. Condition: The condition that you have defined to trigger an alert. An alert will be triggered when this condition is met.
    6. Severity: The severity level that you have selected for an alert configuration. The severity level is determined by you and helps you classify the severity of an alert configuration.
    7.  Last Edited: The date and time that an alert configuration was last edited.
    8. Status: Whether an alert configuration is enabled or disabled. Disabled alerts are ignored, however, a disabled alert is still counted against the limit of five alert configurations.
  2. Preview Icon: View additional details about a specific alert configuration by clicking the preview icon to open the “Configuration Details” window.
  3. Ellipse Icon: Clicking the ellipse icon opens a menu with the following options:
    • View Details: Click View Details to view additional information about a selected alert configuration.
    • Edit: Click Edit to open the “Edit Alert Configuration” window for a selected alert configuration.
    • Clone: Click Clone to create a clone of an existing alert.
    • Disable: Click disable to disable an alert configuration. The moment you disable an alert configuration, all of the open alerts will be closed.
    • Delete: Click delete to delete an alert configuration.
  4. New Alert Configuration Button: Create a new alert configuration.
  5. Filters Menu: Utilize the filters menu to sort and find existing alert configurations. The following are the controls in the filters section:
    • Add Filter Button: Clicking the Add Filter button opens a dropdown filters menu. You can select filters that you would like to apply by clicking the checkboxes next to the filter names, or by using the Search filter field.
    • Alert Configuration Name Field: You can use this field to filter for a specific alert configuration by name.
    • Clear menu: The clear menu allows you to clear your filter selections by choosing to either “clear all filters” or “clear and remove all filters”. 
  6. Webhooks: Clicking the Webhooks button launches the Webhooks window.

How to Configure Alerts

The Alerts and Alert Configurations features are RBAC-enabled. To configure alerts and webhooks you need to set the permissions to “view” or “manage” to view these features.

About the New Alert Configuration Window

The “New Alert Configuration” window gives you the ability to configure four types of alerts. 

You can create a webhook before creating a new alert configuration. To learn more about creating a webhook, please see, Notification Methods.

The following provides you with information about the fields in the “New Alert Configuration” window:

  • Alert Name: Enter the name of your new alert configuration in this field.
  • Status: Set the status toggle to determine the status of a new alert:
    • Enabled: An enabled status means an alert configuration is active.
    • Disabled: A disabled status means an alert configuration is disabled.
  • Category: Select the category for the alert. Categories are groupings of supported alert types. The categories are Network, Platform, and Private Apps.
  • Alert Type: Select the alert type. The alert types are Tunnel Status, Tunnel Flapping, Service Status, and Publisher Resource Consumption.To learn more about the alert types please, see Alert Types
  • Condition: Select the condition that must be met to trigger the alert.
  • Severity Levels: Choose the severity level for the alert.
    • Critical
    • High
    • Medium
    • Low
    • Informational
  • Notification Method: Select the notification type that you want to be sent when the alert is triggered, resolved, disabled, deleted, or expired. To learn more about notification methods please see, Notification Methods.
    • Email: Enter the email address where you want the notification to be sent in the email field.
    • Webhook: To select a webhook, you must create a webhook before you configure an alert. If not, please create a webhook before you continue configuring your alert. After you have configured a webhook, you can select your configured webhook when configuring a new alert.
  • Save button: Click the save button to save your new alert configuration.
You can create a maximum of 5 alert rules per tenant. The Create a New Alert Configuration button will be disabled once you create a maximum of 5 alert rules. To create a new alert rule, you must delete one of the existing alert rules.

To Configure an Alert for Tunnel Status

Tunnel Status alerts can be configured to allow you to monitor the availability of the tunnels. You can choose to monitor all tunnels or a specific subset of tunnels. The selection can be made from a list that includes active primary and backup tunnels. Only tunnels that have an associated POP are available for selection.

You can configure a new Tunnel Status alert by doing the following:

  1. To begin the configuration process for a new Tunnel Status alert, open the New Alert Configuration window. 
  2. Create an alert name.
  3. Use the Status toggle to set the alert to enabled or disabled. The Status toggle is set to enabled by default. Use the toggle to set an alert configuration status to disabled to disable it
  4. For the category, select Network.
  5. For the alert type, select Tunnel Status.
  6. Select the IPSec or GRE tunnels tab to choose the tunnels that you want the alert configuration to monitor.
To accurately monitor GRE Tunnels, Keep-Alive probes must be set up with a frequency of at least 30 seconds. The lower the frequency, the higher the accuracy of the alerts.

An alert is triggered only if the GRE tunnel remains down for the configured duration, which should not be less than the Keep Alive probe frequency. If Keep Alive probes are not configured before setting up alerts, it can lead to an increase in false positives, making the alerts ineffective and inaccurate.
  1. View the tunnels available to be monitored by clicking the Tunnel = field.
  2. Select the tunnels that you want to monitor:
    • To monitor all tunnels: Click the checkbox next to All Tunnels.
    • To exclude specific tunnels: After clicking the checkbox to monitor all tunnels, an add exclusion field will appear below the original Tunnel = field. In the new field, select the tunnels that you would like to exclude by clicking the checkbox next to the name of the tunnels that you want to exclude.
    • To monitor a specific selection of tunnels: Ensure that the All Tunnels checkbox is unchecked. Then, select the specific tunnels that you want to monitor by clicking the checkbox next to the name of each tunnel that you want to monitor
  3. Select the condition. This condition determines when an alert is triggered. You can select from a status down condition of between one to ten minutes.
  4. Select the severity level.
  5. Select the Notification Method:
    • Email: Enter the email address where you want to send the alert notifications.
    • Webhook: Select an existing webhook, or to create a new webhook, please read, How to Create a New Webhook.
  6. Click the Save button to create your new alert.
  7. You can view your saved alert configuration on the Alert Configurations page.

To Configure an Alert for Tunnel Flapping

The alert configuration process for Tunnel Flapping alerts for IPSec tunnels is designed to monitor and provide alerts on the stability of network tunnels, and to identify when they frequently go up and down within a short period of time, which is a behavior known as “flapping”.

The process for GRE tunnels mirrors that of IPSEC, with one critically important difference: you must ensure that keep-alives are configured within the tunnel prior to setting up a GRE tunnel alert. This step is crucial because creating an alert without keep-alives could lead to an increased risk of false positives which could render the alerts less effective.

You can configure a new Tunnel Flapping alert by doing the following:

  1. To begin the configuration process for a new Tunnel Status alert, open the New Alert Configuration window. 
  2. Create an alert name.
  3. Use the Status toggle to set the alert to enabled or disabled.
  4. For the category, select Network.
  5. For the alert type, select Tunnel Flapping.
  6. Select the IPSec or GRE tunnels tab to choose the tunnels that you want the alert configuration to monitor.
To accurately monitor GRE Tunnels, Keep Alive probes must be set up with a frequency of at least 30 seconds. The lower the frequency, the higher the accuracy of the alerts.

An alert is triggered only if the GRE tunnel remains down for the configured duration, which should not be less than the Keep Alive probe frequency. If Keep Alive probes are not configured before setting up alerts, it can lead to an increase in false positives, making the alerts ineffective and inaccurate.
  1. View the tunnels available to be monitored by clicking the Tunnel = field.
  2. Select the tunnels that you want to monitor:
    • To monitor all tunnels: Click the checkbox next to All Tunnels.
    • To exclude specific tunnels: After clicking the checkbox to monitor all tunnels, an add exclusion field will appear below the original Tunnel = field. In the new field, select the tunnels that you would like to exclude by clicking the checkbox next to the name of the tunnels that you want to exclude.
    • To monitor a specific selection of tunnels: Ensure that the All Tunnels checkbox is unchecked. Then, select the specific tunnels that you want to monitor by clicking the checkbox next to the name of each tunnel that you want to monitor
  3. Select the condition. This setting determines how quickly an alert is generated after a tunnel goes down. You can select from status change in 5, 10, or 15 minutes.
  4. Select the severity.
  5. Select the Notification Method:
    • Email: Enter the email address where you want to send the alert notifications.
    • Webhook: Select an existing webhook, or to create a new webhook, please read, How to Create a New Webhook.
  6. Click the Save button to create your new alert.
  7. You can view your saved alert configuration on the Alert Configurations page.

To Configure an Alert for Service Status

The Service Status Alerts are designed to inform customers about the operational state of services in a Point of Presence (POP) they utilize. These alerts serve as notifications about any issues that might impact user experiences. These alerts are primarily for informational purposes, and indicate when Netskope is addressing a service disruption by redirecting traffic or taking other mitigating actions. These actions often require no immediate action from customers. 

You can configure a new Service Status alert by doing the following:

  1. To begin the configuration process for a new Tunnel Status alert, open the New Alert Configuration window. 
  2. Create an alert name.
  3. Use the Status toggle to set the alert to enabled or disabled.
  4. For the category, select Platform.
  5. For the alert type, select Service Status.
  6. View the POPs available to be monitored by clicking the POPs= field. 
  7. Select the POPs that you want to monitor by clicking the checkbox next to the name of the specific POP.
  8. Select the condition by clicking the Services = field to view the services and make your selections. 
Only services used by you are shown in the list. Measurements occur every five minutes to monitor service performance. If performance drops based on Netskope defined performance thresholds, you will receive an alert. This alert rarely requires action from you because Netskope failover methods will kick in. If you still observe issues in your network which align to the time of the alerts, please open a support ticket.

For IPSEC and GRE, please check your configuration to see if manual traffic steering is required.
  1. Select the severity.
  2. Select the notification Method:
    • Email: Enter the email address where you want to send the alert notifications.
    • Webhook: Select an existing webhook, or to create a new webhook, please read, How to Create a New Webhook.
  3. Click the Save button to create your new alert.
  4. You can view your saved alert configuration on the Alert Configurations page.

To Configure an Alert for Publisher Resource Consumption

The Publisher Resource Utilization alert is designed to help you monitor and manage the resource consumption of your publishers effectively.

  1. To begin the configuration process for a new Publisher Resource Consumption alert, open the New Alert Configuration window. 
  2. Create an alert name.
  3. Use the Status toggle to set the alert to enabled or disabled.
  4. For the category, select Private Apps.
  5. For the alert type, select Publisher Resource Consumption.
  6. View the publishers available to be monitored by clicking the Publishers = field. 
  7. Select the publishers that you want to monitor:
    • To monitor all publishers: Click the checkbox next to All Publishers.
    • To exclude specific publishers: After clicking the checkbox to monitor all publishers, click +Exclusions, an add exclusion field will appear below the original Publishers = field. In the new field, select the publishers that you would like to exclude by clicking the checkbox next to the name of the publishers that you want to exclude.
    • To monitor a specific selection of publishers: Ensure that the All Publishers checkbox is unchecked. Then, select the specific publishers that you want to monitor by clicking the checkbox next to the name of each publisher that you want to monitor.
  8. Select the condition by clicking the checkboxes next to the conditions that you want to select:
    • CPU Usage: An alert can be set to trigger if CPU usage exceeds a certain percentage (x%) within a specified time frame. Measurements are taken every fifth minute.
    • Memory Usage: Similar to CPU, an alert can be configured for memory usage exceeding a certain threshold (X%) within a given time (t minutes). Measurements are taken every fifth minute.
    • Storage Usage: For storage, the condition is set to trigger an alert if usage meets or surpasses a set percentage (X%) within the defined time. Measurements are taken every fifth minute.
  9. Select the severity.
  10. Select the notification Method:
    • Email: Enter the email address where you want to send the alert notifications.
    • Webhook: Select an existing webhook, or to create a new webhook.
  11. Click the Save button to create your new alert.
  12. You can view your saved alert configuration on the Alert Configurations page.

How to Manage Existing Alerts

To View Alert Configuration Details

You can view the alert configuration details for an existing alert configuration by doing the following:

  1. Go to Digital Experience Management > Alerts > Alert Configuration.
  2. A list of configured alerts will be displayed on the “Alert Configuration” page.
  3. Click the preview icon next to the alert configuration for which you want to view details.
  4. The “Alert Configuration Details” window will open.
  5. The Alert Configuration Details window displays the following information:
    • Triggered: When the current status is triggered, it means that an alert condition rule has been met and the alert is currently active.
    • Status: Whether the alert is enabled or disabled.
    • Category: The alert category.
    • Alert Type: The alert type.
    • Condition: The conditions for the alert to be triggered.
    • Severity: The severity level that has been chosen for the alert.
    • Notification Method: The notification methods that have been selected for the alert.
    • Last Edited: This information provides data on the date, time of day, and person who last edited the alert configuration.
  6. Click the Edit button to edit the alert configuration or click the X button to close the window.

To Edit an Existing Alert Configuration

  1. Go to the Alert Configurations page.
  2. Click the ellipse icon next to the alert configuration that you want to edit.
  3. Select Edit from the options.
  4. The Edit Alert Configuration window will open.
  5. Make your changes.
  6. Click the Save button.
When you edit an alert configuration all of the open alerts will be closed.
You can also open the Edit Alert Configuration window by clicking the preview icon next to the alert configuration that you want to edit. Then, click the Edit button to open the window.

To Delete an Existing Alert Configuration

  1. Go to Digital Experience Management > Alerts > Alert Configuration.
  2. View the table of existing alert configurations on the “Alert Configuration” page.
  3. Click the ellipse icon on the row of the alert configuration that you want to delete.
  4. A menu of options will open.
  5. Click the option to Delete.
  6. The deletion confirmation window will appear.
  7. Click the Delete button in the window.
  8. The alert configuration will be deleted.
When you delete an alert configuration all of the open alerts will be closed.

To Clone an Alert Configuration

  1. Go to the Alert Configurations page.
  2. Click the ellipsis icon.
  3. Select Clone from the options.
  4. The New Alert Configuration window will appear with the fields filled-in with the information from the existing alert configuration that you selected to clone.
  5. You can create a new alert name, or leave the default name which will be the name of the existing alert configuration and the word “copy”.

To Disable or Enable an Alert Configuration

  1. Go to the Alert Configurations page.
  2. Click the ellipsis icon.
  3. Select disable or enable.
When you disable an alert configuration all of the open alerts will be closed.
Share this Doc

Alert Configurations

Or copy link

In this topic ...