x
AdobeStock_253306473 (1)

Receive Cribl Notifications on a Distribution List or Group Email Alias

March 20, 2024

IT and security teams have several products they use and in turn, have many admins. Some have wide privileges, while others have focused responsibilities for the various tools and touch points in an IT and security data path. Not all admins are members of all tools. But they are all typically part of a larger group bound by an email alias (aka a distribution list). When there is an upgrade, an incident, or a fix going into a product or a service, this group of admins wants to be knowledgeable about it to identify dependencies on other products and touch points in the path. Cribl.Cloud notifications are sent only to owners and admins; there is no direct way to get notified on an email alias unless you register this alias as a Cribl.Cloud owner/admin. This blog provides the details on how to get this done today, and we have plans to streamline this process in coming releases. The blog primarily refers to the notifications sent by Cribl.Cloud before an upgrade (cloud monthly releases), an incident, or an emergency fix going into the service, it does not apply to any other in-product notification

User Invitation

Invite a user as an owner or admin using the email alias (aka distribution list) as the ID. In this example, I have used “distro-test-3@cribl.io” as the email alias.

IMPORTANT: For this to work, the distribution list email address must be enabled to receive emails from public/third-party addresses. This is a setting on the customer’s email server where the email alias is created and managed. Without enabling this setting, emails sent by Cribl which is a third-party entity for this purpose, will not be received and broadcasted to the alias.

If federated authentication (SSO) is enabled, this alias based user can be used as a break glass account or a separate account to receive notifications on.

User Acceptance and Creation

Since this is an email alias, you will not get an invitation email like you would for a normal single user invitation. To circumvent this,

  • Copy the invitation link from the members page as shown below

  • Open a browser window in incognito mode and paste the above-copied link to start the acceptance process. You will now be presented with the login page. Here select the sign up workflow to begin the process of creating this user, as shown below.

  • For the email address field, provide the distribution list email address and click Continue. Essentially, you are creating a user with the email alias.

  • Provide a meaningful name to this user as shown below, accept the terms and click Continue,

  • You will now get a “Verify” user email sent to this alias. Note: since this is an alias, all users in this distribution list will get the “Verify” user email. Only one of them needs to verify the user. A sample of the email is shown below,

User Verified and Active in Cribl.Cloud

Once verified, the process is complete. At this time, you will see this distribution list portrayed as an active user on the members page as shown below. When Cribl sends out notifications, all users in this distribution list will receive the notifications.

Summary

To summarize, customers can follow these steps to get a group of admins notified on all notifications sent for Cribl.Cloud, and this will help the team to be informed of all updates, incidents, and fixes as part of the service. Stay Happy and Notified !!

.
Blog
Feature Image

Mastering Tail Sampling for OpenTelemetry: Cost-Effective Strategies with Cribl

Read More
.
Blog
Feature Image

The Stream Life Podcast 110: Microsoft Azure + Cribl – Better together

Read More
.
Blog
Feature Image

Rethinking Security: Why Organizations are Flocking to Microsoft Sentinel

Read More
pattern

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.

box

So you're rockin' Internet Explorer!

Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari

Got one of those handy?