Security Conscience Notification Triggers

In this article we will discuss the creation of some security minded notifications in JSCAPE MFT Server.
  1. Blog

Overview

In this article we will discuss the creation of some security conscience notifications. We will be using Triggers to respond via email when certain events take place that an administrator may wish to know about immediately. This can be useful when you have a complex configuration on your JSCAPE MFT Server that includes many Users, Groups and Triggers.

Security Conscience Notifications

A few events that an administrator may want to be notified of quickly include administrator account changes, reverse proxy settings changes, group settings changes, IP access rules updated and IP addresses blocked by one of your IP access policies. The best way to do this with JSCAPE MFT Server is to use email. So we want to be notified via email when one of these events takes place. We will need to create a set of Triggers with "Send Email" actions. These triggers will listen for these certain events to take place and automatically send an email to a specific email address (i.e. an administrator’s email address).

The first Trigger we will add will be the administrator changed notification. Navigate to the Triggers Node under your JSCAPE MFT Server Domain and click “Add”. Give your new Trigger an appropriate name and description. Select the “Administrator Created” Event Type because we want this Trigger to fire when an administrator account is created. Now click “Next”.

admin-created-email-notification.png

At this point you can add an expression if you want to, but it is not required for this notification to work. If you leave the Expression blank the Trigger will simply fire when a new administrator account is created. You can add specific conditions to an administrator account creation that must happen as well in order to fire the Trigger, i.e. the AdministratorEnabled variable set to TRUE. This would require that the new administrator account actually be enabled for this Trigger to fire.

administratorenabledvariable.png

Click “Next”. Now we need to add the send email Action by clicking “Add”. From the Add Action drop down menu select the “Send Email” Action. You will need to fill in all of the outgoing email server settings including the account information JSCAPE MFT Server will use to authenticate to and use. You can write a custom message for the body of the email and add variables to show you the information you want in the notification email.

admincreatedemailnotif.png

admincreatedemailnotif2.png

Now you have the first Trigger set up. To test this Trigger you can click on “Settings” and click on the “Administrators” tab under “Manager Services”. Click the “Add” button and create a new administrator account.

addadmininmftserver.png

The Trigger should fire and send an email when the new account is created. The email notification I created looks like this when it is sent.

Email Sent by Trigger

Following the same process you can create a set of triggers with these Event Types:

Administrator Changed

Administrator Deleted

Reverse Proxy Deleted

Reverse Proxy Updated

Group Deleted

Group Updated

IP Access Rules Updated

IP Blocked

All of these Triggers will use the same “Send Email” Event Type and you can leave the Expression blank in order to achieve the event has occurred equals TRUE condition. There is one exception with the “Administrator Changed” Event Type. With the “Administrator Changed” Event Type you should add an expression that looks like this:

AdministratorEnabledChanged = TRUE OR AdministratorNameChanged = TRUE OR AdministratorPasswordChanged = TRUE

This way we can make sure that the Trigger will fire when any of these settings are changed.

Summary

In this article we learned how to create a set of Triggers to act as security notifications for events that we would be concerned with as an administrator. These triggers watch for sensitive events and notify us via email when they happen. This way we can make sure that we know when these events happen, whether the proper personnel makes the changes or someone else does. There are many Event Types built into JSCAPE MFT Server Triggers. Your setup and priorities may vary from other administrators so take a few minutes to look through the built in Event Types and identify the events that are important to you.

Downloads

Download JSCAPE MFT Server