Open source CVE analysis notifications in IBM Support Insights
The Open source CVE analysis alerts section is located immediately after the Hardware end of support alerts and is collapsed by default, with notifications being disabled. The section can be expanded by clicking anywhere on it. Once expanded, this section allows you to create new alerts and manage existing ones. The open source CVE analysis alerts section allows for multiple notifications to be set up - you may opt to receive mail alerts for different categories or packages, with different mailing frequency, as outlined further on this page.
Upon initial expansion of the section, you will see an empty list of subscriptions and an active
Add Subscription button, using which you can set up new alerts.
When you click the Add Subscription button, a new dialog window will open
enabling you to create a new alert.
The dialog window consists of the following sections:
1. Report name
The Report name is a free form text field, allowing you to give a suitable name to the particular alert. if you have numerous alerts set-up - having a distinguishable name will allow you to better recognize the alert's contents.
2. Categories and packages
-
Selecting categories:
The first section prompts you to choose a software category, which can automatically pre-select the packages (the second step of the dialog). Choosing categories is optional. If you do not wish to pre-load any packages using the category selector - you can simply proceed to the second section of the dialog.
Packages depend on the category selection and are pre-selected in accordance with the chosen category.
-
Selecting packages:
If you have chosen a category in the previous dropdown menu - a number of associated packages will be pre-selected in the packages dropdown menu. If you wish to choose less or more from the available packages - you may do so manually. That will not affect your previous category selection.
For example, if you have chosen the Business applications category, you will have a set number of packages selected. You could choose to add more packages that are not from the Business applications category, or choose to remove some from said category - that will not impact your selection of category. However, if you go back to the category selector and choose a different category (or several) - that will modify your selection of packages.
The category does not depend on the packages selection.
While selecting categories is optional, selecting packages is mandatory - if you do not choose packages you're interested in, opting for mail alerts associated with any packages is not possible.
Once you have chosen all packages of interest, you can move onto the third, and last, section of the dialog window.
3. Frequency
This is where you set up how often you wish to receive the mail alerts. You can opt to have them Quarterly, Monthly or Weekly. If you choose Quarterly or Monthly - a dropdown menu will open immediately after, allowing you to choose the day of the month, on which to receive the e-mail. If you choose Weekly, the dropdown that opens after selection will contain the days of the week, allowing you to choose a specific day on which to receive the e-mail.
4. Filters
The Filters section is optional and allows you to set up a Severity filter for the alerts in two different fields. The All option is pre-selected in both filter dropdowns and if you choose not to make modifications - your subscription will be created with that selection.
The first dropdown - Severity v2 filter - relates to searching for CVE alerts in an external legacy CVE system, whereas the second one - Severity v3 filter - is related to searching for CVE alerts in a new external CVE system. You can choose the severities that interest you for the respective systems and they do not need to be identical for the two different systems.
5. Delivery Preferences
The Delivery preferences section allows you to choose the delivery method and the delivery file format.
The Delivery method is currently not an active field as e-mail is the only form of alerts that can be set up at the moment.
Please note, mail notifications are sent out from IBM.Support.Insights.Notify@ibm.com . As mail servers have different policies and configurations - please make sure to add the e-mail ID to your list of trusted senders, in order to assure that you will receive all necessary mails from the application.
The Delivery format is where you can choose whether to receive the alerts file in
.xlsx
format or
.csv
format, with the
.xlsx
file format being pre-selected in the dropdown menu selector.
Once you are ready with all of your selections, the Save subscription button
will become active.
When you click the button, the new alert will be saved and visible in the subscriptions list table.
On the far left-hand side of any subscription is a check-box, allowing you to select one or
multiple subscriptions. When you do so, a toolbar appears, replacing the asset table's header, and
the toolbar contains a Select all button and a Delete button. If
you click on Delete - this will delete all selected subscriptions.
Additionally, on the far right-hand side of each subscription are two button icons - a pencil icon allowing you to edit a subscription, and a delete icon allowing you to delete a subscription. If you choose to Edit a subscription, the same dialog window will appear as outlined previously, and all fields will be editable (except the Delivery method as previously specified).
Furthermore, each subscription's name is a clickable element. Once you click on the name, a pop-up dialog window opens up containing the categories and packages included in the subscription:
The view allows you to see the selected items. If you with the modify the elements of the
subscription, you may click the Edit button, which will open the creation/edit
dialog window outlined previously.
Please note, subscriptions are set per user per client account. Other users of the same client account will not be able to see the subscriptions you have set up.