Notifications
10 min
notifications maro can notify your security team whenever policy violations are detected across your organization notifications are configured in your organization > notifications email notifications email notifications send a detailed alert to specific recipients each time a violation session is detected each email includes a summary of the session, the employee involved, the apps used, and a breakdown of every violation setting up email notifications navigate to organization settings from the sidebar select the notifications section click add channel to create your email notification channel use the toggle to enable or disable notifications at any time when you disable email notifications, a confirmation dialog will appear no emails will be sent until the channel is re enabled adding recipients add the email addresses of the people who should receive violation alerts recipients are saved automatically as you add or remove them customizing the email template the subject line and body of each notification email can be customized using liquid https //shopify github io/liquid/ template syntax this gives you full control over the format and content of the emails your team receives session variables these variables are available in both the subject line and the email body variable description employee email the email of the employee who triggered the violations organization name your organization's name apps list of apps involved in the session (use `apps join ", "` to format as a comma separated string) session summary ai generated summary of what happened during the session session start session start time session end session end time violation count total number of violations in the session event link direct link to the session detail page in the maro dashboard violation variables individual violation details are available inside a {% for v in violations %} loop in the email body variable description v intervention how maro responded blocked , logged , or corrected v violation the type of violation (e g , "unauthorized app access", "sensitive data submission") v app the app where the violation occurred v policy the name of the policy that was violated v description a description of what happened v violation timestamp when the violation occurred default template the default email template looks like this subject maro notification {{ violation count }} violations detected on {{ apps | join ", " }} body {{ session summary }} {{ violation count }} violation(s) detected for {{ employee email }} apps {{ apps | join ", " }} session {{ session start }} — {{ session end }} {% for v in violations %} {{ v intervention }} {{ v violation }} in {{ v app }} policy {{ v policy }} {{ v description }} {% endfor %} you can restore this default at any time by clicking restore to default previewing your email a live preview below the template editor renders your email using sample data so you can see exactly what recipients will receive expand the preview data section to edit the sample session and violation values used in the preview webhooks (coming soon) webhook support will allow you to post violation event payloads to your own endpoints in real time, enabling integration with tools like slack, pagerduty, jira, or your own internal systems digest summaries (coming soon) digest summaries will send periodic rollups of violation activity instead of individual real time alerts — useful for teams that prefer a daily or weekly overview rather than per event notifications
