Updated on 2026-05-15 GMT+08:00

Best Practices for Creating and Subscribing to a Topic

Simple Message Notification (SMN) can push messages to subscribers through emails, SMS messages, HTTP, or HTTPS based on user requirements. SMN involves two roles: publisher and subscriber.

  • Publisher: A publisher publishes messages to a topic, and SMN then delivers the messages to subscribers in the topic.
  • Subscriber: A subscriber can be an email address, phone number, function, or URL.
  • Topic: A topic is a collection of messages and serves as a logical access point and communication channel through which publishers and subscribers interact. Each topic is identified by a unique name.

Before enabling notification playbooks in SecMaster, you need to create and subscribe to a topic so that you can receive notifications.

Table 1 Built-in notification playbooks that require creating and subscribing to a topic

| Playbook Name | Playbook Description |
| --- | --- |
| Attack link analysis alert notification | This playbook analyzes attack links. If HSS generates an alert for a server, the playbook checks the website running on the server. If there are alerts for the matched website, the playbook sends an alert notification. |
| Automatic notification of high-risk vulnerabilities | This playbook sends emails or SMS notifications to specified recipients when vulnerabilities rated as high severity are discovered. |
| Automatic notification of high-risk alerts | This playbook sends emails or SMS notifications to specified recipients when there are alerts rated as high or fatal. |
| Real-time notifications of critical O&M operations | This playbook sends real-time notifications to specified recipients for O&M alerts generated by models. Currently, SMN notifications can be sent for three key O&M operations: attaching NICs, creating VPC peering connections, and binding EIPs to resources. |
| Asset protection status statistics notification | This playbook collects statistics on asset protection status every week and sends notifications to customers by email or SMS. |
| Notification on host asset risk statistics | This playbook checks servers with EIPs bound on the resource manager page and notifies of discovered vulnerabilities. |
| Alerts statistics Notify | This playbook collects statistics on uncleared alerts at 19:00 every day and sends notifications to customers by email or SMS. |
| Add host asset protection status notification | This playbook checks new servers and notifies you of the servers unprotected by HSS. |
| HSS High-Risk Alarm Interception Notification | This playbook checks HSS high-risk alarms and generates to-do task notifications for source IP addresses that are not blocked by security groups. The to-do tasks will be reviewed manually. Once confirmed, the source IP addresses will be added to a VPC block policy in SecMaster. |

This topic describes how to create a topic and subscribe to it in SMN.

Prerequisites

Step 1: Check Your SMN ReadOnlyAccess Permission

You need to confirm that you have obtained the SMN ReadOnlyAccess permission, that is, the read-only permission of SMN.

Table 2 Permission description

| Permission | Description | Principal | Usage |
| --- | --- | --- | --- |
| SMN ReadOnlyAccess | Read-only permissions for SMN. Users with this permission can only view SMN data. | SecMaster_Agency | Used for message notification. |

Take the following steps to check whether a user has obtained the SMN ReadOnlyAccess permission. If the permission has not been granted, grant it by referring to (Optional) Step 2: Authorize the Service Agency.

  1. Log in to the SecMaster console as an administrator.
  2. Click in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
  3. In the navigation pane on the left, choose Agencies. On the displayed page, click agency name SecMaster_Agency and then click the Permissions tab to view all authorization records of principal SecMaster_Agency. Check whether the SMN ReadOnlyAccess or SMN FullAccess permission is included.

(Optional) Step 2: Authorize the Service Agency

Complete this step only when you follow Step 1: Check Your SMN ReadOnlyAccess Permission and confirm that you do not have the SMN ReadOnlyAccess or SMN FullAccess permission.

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, choose Workspaces > Management.

    Figure 1 Workspaces > Management

  4. (Optional) In the upper part of the workspace management page, click Entrusted Service Authorization - Current Tenant.

    The service authorization page is automatically displayed the first time you log in.

  5. On the authorization page, check whether the SMN ReadOnlyAccess or SMN FullAccess permission is selected. By default, all required permissions are selected.
  6. After confirmation, select Agree to authorization under the permissions and click Confirm.

Step 3: Create and Subscribe to a Topic

Use Simple Message Notification (SMN) to create a SecMaster topic and subscribe to the topic.
  1. Log in to the SecMaster console.
  2. In the upper left corner of the page, click and choose Management & Governance > Simple Message Notification.
  3. Create a topic.
    1. In the navigation pane on the left, choose Topic Management > Topics. In the upper right corner of the displayed page, click Create Topic.
      Figure 2 Create Topic
    2. In the Create Topic dialog box displayed, configure topic information and click OK.
      • Topic Name: Set it to SecMaster-Notification.
      • Display Name: SecMaster notification topic is recommended.
      • Retain default values for other parameters.

      Topic Name must be set to SecMaster-Notification, or playbooks may fail to be executed.

  4. Add a subscription.
    1. On the Topics page, locate the row that contains the SecMaster-Notification topic and click Add Subscription in the Operation column.
    2. On the displayed Add Subscription slide-out panel, configure subscription information and click OK.
      • Protocol: Select a notification method based on your needs. Email is used as an example.
      • Endpoint: Enter the email address of the subscription endpoint, for example, username@example.com.
  5. Confirm the subscription.

    After a subscription is added, a confirmation email is sent to the email address set in step 4. Click the subscription confirmation link in the email. A page confirming the successful subscription is displayed.
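
The prerequisites in Steps 1 to 3 can be checked together before a notification playbook is enabled. The following is an added example, not part of the original page or of SecMaster: the `preflight` function and the dictionary layout it reads are hypothetical, and treating the topic name as case-sensitive is an assumption.

```python
# Added example: pre-flight check for the prerequisites on this page.
# The input layout (agency_permissions, topics, subscriptions, confirmed)
# is constructed for this example; it is not an SMN or IAM API format.

REQUIRED_TOPIC = "SecMaster-Notification"  # name the page requires
ACCEPTED_PERMISSIONS = {"SMN ReadOnlyAccess", "SMN FullAccess"}


def preflight(state):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []

    # Steps 1 and 2: SecMaster_Agency needs one of the accepted permissions.
    granted = set(state.get("agency_permissions", []))
    if not granted & ACCEPTED_PERMISSIONS:
        findings.append("SecMaster_Agency lacks SMN ReadOnlyAccess/FullAccess")

    # Step 3: exact name match (assumed case-sensitive). Near misses are
    # called out because they look correct at a glance in a topic list.
    topics = {t["name"]: t for t in state.get("topics", [])}
    topic = topics.get(REQUIRED_TOPIC)
    if topic is None:
        near = [n for n in topics if n.strip().lower() == REQUIRED_TOPIC.lower()]
        hint = f" (near miss: {near[0]!r})" if near else ""
        findings.append(f"topic {REQUIRED_TOPIC!r} not found{hint}")
        return findings

    # Steps 4 and 5: a subscription must exist and must be confirmed.
    subs = topic.get("subscriptions", [])
    if not subs:
        findings.append("topic has no subscriptions")
    elif not any(s["confirmed"] for s in subs):
        pending = ", ".join(s["endpoint"] for s in subs)
        findings.append(f"no confirmed subscription; pending: {pending}")
    return findings


# Constructed sample states.
WRONG_NAME = {"agency_permissions": ["SMN ReadOnlyAccess"],
              "topics": [{"name": "secmaster-notification", "subscriptions": []}]}
PENDING = {"agency_permissions": [],
           "topics": [{"name": REQUIRED_TOPIC, "subscriptions": [
               {"protocol": "email", "endpoint": "username@example.com",
                "confirmed": False}]}]}

if __name__ == "__main__":
    for label, state in (("wrong name", WRONG_NAME), ("pending", PENDING)):
        print(label, "->", preflight(state))
```

An unconfirmed subscription is reported separately from a missing one because the subscription exists in the topic but the confirmation link from step 5 has not yet been clicked.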

Related Documents

Refer to these best practices to configure and enable playbooks related to notifications. For details, see Table 3.

Table 3 Configuring and enabling the built-in notification playbooks

| Playbook Name | Playbook Description |
| --- | --- |
| Attack link analysis alert notification | This playbook analyzes attack links. If HSS generates an alert for a server, the playbook checks the website running on the server. If there are alerts for the matched website, the playbook sends an alert notification. |
| Automatic notification of high-risk vulnerabilities | This playbook sends emails or SMS notifications to specified recipients when vulnerabilities rated as high severity are discovered. |
| Automatic notification of high-risk alerts | This playbook sends emails or SMS notifications to specified recipients when there are alerts rated as high or fatal. |
| Real-time notifications of critical O&M operations | This playbook sends real-time notifications to specified recipients for O&M alerts generated by models. Currently, SMN notifications can be sent for three key O&M operations: attaching NICs, creating VPC peering connections, and binding EIPs to resources. |
| Asset protection status statistics notification | This playbook collects statistics on asset protection status every week and sends notifications to customers by email or SMS. |
| Notification on host asset risk statistics | This playbook checks servers with EIPs bound on the resource manager page and notifies of discovered vulnerabilities. |
| Alerts statistics Notify | This playbook collects statistics on uncleared alerts at 19:00 every day and sends notifications to customers by email or SMS. |
| Add host asset protection status notification | This playbook checks new servers and notifies you of the servers unprotected by HSS. |
| HSS High-Risk Alarm Interception Notification | This playbook checks HSS high-risk alarms and generates to-do task notifications for source IP addresses that are not blocked by security groups. The to-do tasks will be reviewed manually. Once confirmed, the source IP addresses will be added to the VPC block policy in SecMaster. |