Configuring event notification

Kaspersky Security Center allows you to select a method of notifying the administrator of events on client devices and to configure notification:

Email. When an event occurs, the application sends a notification to email addresses specified. You can edit the text of the notification.
SMS. When an event occurs, the application sends a notification to the phone numbers specified. You can configure SMS notifications to be sent through the mail gateway.
Executable file. When an event occurs on a device, the executable file is started on the administrator's workstation. Using the executable file, the administrator can receive the parameters of any event that has occurred.

To configure notification of events occurring on client devices:

In the console tree, select the node with the name of the required Administration Server.
In the workspace of the node, select the Events tab.
Click the Configure notifications and event export link and select the Configure notifications value in the drop-down list.
This opens the Properties: Events window.
In the Notification section, select a notification method (by email, by SMS, or by running an executable file) and define the notification settings:
- Email
  The Email tab allows you to configure email notifications for events.
  
  In the Recipients (email addresses) field, specify the email addresses to which the application will send notifications. You can specify multiple addresses in this field, by separating them with semicolons.
  
  In the SMTP servers field, specify mail server addresses, separating them with semicolons. You can use the following values:
  - IPv4 or IPv6 address
  - Windows network name (NetBIOS name) of the device
  - DNS name of the SMTP server
  In the SMTP server port field, specify the number of an SMTP server communication port. The default port number is 25.
  
  If you enable the Use DNS MX lookup option, you can use several MX records of the IP addresses for the same DNS name of the SMTP server. The same DNS name may have several MX records with different values of priority of receiving email messages. Administration Server attempts to send email notifications to the SMTP server in ascending order of MX records priority. By default, this option is disabled.
  
  If you enable the Use DNS MX lookup option and do not enable usage of TLS settings, we recommend that you use the DNSSEC settings on your server device as an additional measure of protection for sending email notifications.
  
  Click the Settings link to define additional notification settings:
  - Subject name (subject name of an email message)
  - Sender email address
  - ESMTP authentication settings
  You have to specify an account for authentication on an SMTP server if the ESMTP authentication option is enabled for the SMTP server.
  - TLS settings for the SMTP server:
    - Do not use TLS
    You can select this option if you want to disable encryption of email messages.
    - Use TLS if supported by SMTP server
    You can select this option if you want to use a TLS connection to an SMTP server. If the SMTP server does not support TLS, Administration Server connects the SMTP server without using TLS.
    - Always use TLS, check the server certificate for validity
    You can select this option if you want to use TLS authentication settings. If the SMTP server does not support TLS, Administration Server cannot connect the SMTP server.
  We recommend that you use this option for better protection of the connection with an SMTP server. If you select this option, you can set authentication settings for a TLS connection.
  
  If you choose Always use TLS, check the server certificate for validity value, you can specify a certificate for authentication of the SMTP server and choose whether you want to enable communication through any version of TLS or only through TLS 1.2 or later versions. Also, you can specify a certificate for client authentication on the SMTP server.
  
  You can specify TLS settings for an SMTP server:
  - Browse for an SMTP server certificate file:
  You can receive a file with the list of certificates from a trusted certification authority and upload the file to Administration Server. Kaspersky Security Center checks whether the certificate of an SMTP server is also signed by a trusted certification authority. Kaspersky Security Center cannot connect to an SMTP server if the certificate of the SMTP server is not received from a trusted certification authority.
  - Browse for a client certificate file:
  You can use a certificate that you received from any source, for example, from any trusted certification authority. You must specify the certificate and its private key by using one of the following certificate types:
  - X-509 certificate:
  You must specify a file with the certificate and a file with the private key. Both files do not depend on each other and the order of loading of the files is not significant. When both files are loaded, you must specify the password for decoding the private key. The password can have an empty value if the private key is not encoded.
  - pkcs12 container:
  You must upload a single file that contains the certificate and its private key. When the file is loaded, you must then specify the password for decoding the private key. The password can have an empty value if the private key is not encoded.
  
  The Notification message field contains standard text with information about the event that the application sends when an event occurs. This text includes substitute parameters, such as event name, device name, and domain name. You can edit the message text by adding other substitute parameters with more relevant details of the event. The list of substitute parameters is available by clicking the button to the right of the field.
  
  If the notification text contains a percent sign (%), you have to type it twice in a row to allow message sending. For example, "CPU load is 100%%".
  
  Click the Configure numeric limit of notifications link to specify the maximum number of notifications that the application can send during the specified time interval.
  
  Click the Send test message button to check if you have configured notifications properly. The application should send a test notification to the email addresses that you specified.
- SMS
  The SMS tab allows you to configure the transmission of SMS notifications of various events to a cell phone. SMS messages are sent through a mail gateway.
  
  In the Recipients (email addresses) field, specify the email addresses to which the application will send notifications. You can specify multiple addresses in this field, by separating them with semicolons. The notifications will be delivered to the phone numbers associated with the specified email addresses.
  
  In the SMTP servers field, specify mail server addresses, separating them with semicolons. You can use the following values:
  - IPv4 or IPv6 address
  - Windows network name (NetBIOS name) of the device
  - DNS name of the SMTP server
  In the SMTP server port field, specify the number of an SMTP server communication port. The default port number is 25.
  
  Click the Settings link to define additional notification settings:
  - Subject name (subject name of an email message)
  - Sender email address
  - ESMTP authentication settings
  If necessary, you can specify an account for authentication on an SMTP server if the option of ESMTP authentication is enabled for the SMTP server.
  - TLS settings for an SMTP server
  You can disable usage of TLS, use TLS if the SMTP server supports this protocol, or you can force usage of TLS only. If you choose to use only TLS, you can specify a certificate for authentication of the SMTP server and choose whether you want to enable communication through any version of TLS or only through TLS 1.2 or later versions. Also, if you choose to use only TLS, you can specify a certificate for client authentication on the SMTP server.
  - Browse for an SMTP server certificate file
  You can receive a file with the list of certificates from a trusted certification authority and upload the file to Kaspersky Security Center. Kaspersky Security Center checks whether the certificate of the SMTP server is also signed by a trusted certification authority. Kaspersky Security Center cannot connect to the SMTP server if the certificate of the SMTP server is not received from a trusted certification authority.
  
  You must upload a single file that contains the certificate and its private key. When the file is loaded, you must then specify the password for decoding the private key. The password can have an empty value if the private key is not encoded.The Notification message field contains standard text with information about the event that the application sends when an event occurs. This text includes substitute parameters, such as event name, device name, and domain name. You can edit the message text by adding other substitute parameters with more relevant details of the event. The list of substitute parameters is available by clicking the button to the right of the field.
  
  If the notification text contains a percent sign (%), you have to type it twice in a row to allow message sending. For example, "CPU load is 100%%".
  
  Click the Configure numeric limit of notifications link to specify the maximum number of notifications that the application can send during the specified time interval.
  
  Click the Send test message button to check whether you configured notifications properly. The application should send a test notification to the recipient that you specified.
- Executable file to be run
  If this notification method is selected, in the entry field you can specify the application that will start when an event occurs.
  
  Clicking the Configure numeric limit of notifications link allows you to specify the maximum number of notifications that the application can send during the specified time interval.
  
  Clicking the Send test message button allows you to check whether you configured notifications properly: the application sends a test notification to the email addresses that you specified.
In the Notification message field, enter the text that the application will send when an event occurs.
You can use the drop-down list to the right of the text field to add substitution settings with event details (for example, event description, or time of occurrence).

If the notification text contains a percent (%), you must specify it twice in succession to allow message sending. For example, "CPU load is 100%%".
Click the Send test message button to check whether notification has been configured correctly.
The application sends a test notification to the specified user.
Click OK to save the changes.

The re-adjusted notification settings are applied to all events that occur on client devices.

You can override notification settings for certain events in the Event configuration section of the Administration Server settings, of a policy settings, or of an application settings.