
    Alert Notification & Remediation

    EventLog Analyzer provides two alert notification mechanisms: email and SMS.

    In addition, you can remediate the alert condition by creating incident workflows.

    Settings to notify alert by Email

    Enter the details required for sending alert notification via email.

    1. Enable the Email Notification check box under the Notification Settings tab to enable email notifications.
    2. Specify the recipient's email address. To notify multiple recipients, separate the addresses with commas (,).
    3. Add a subject line for the email notification. You can also append the alert argument(s) to the subject line by selecting them from the list under Macros.
    4. The default mail content is pre-filled; you can modify it and insert arguments from the Macros list. Click Save Profile.
    5. If the mail server is not configured in EventLog Analyzer, you will be prompted to configure it when the Notify by Email option is selected.

    Note: The email content of correlation alerts can be customized to include the rule name, the correlated time, and the action. You can also add specific fields of the action by selecting them from the list that appears when the action is clicked.
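The following is an added illustration, not EventLog Analyzer's own code: it models what a profile like the one above amounts to, a comma-separated recipient list, a subject line with alert macros and a body template, and turns it into a mail message. The macro names ($ALERT_NAME, $SEVERITY, $HOST, $TIME, $RULE), the sender address and the sample alert are assumed placeholders, not the product's actual macro list or data.

```python
"""Illustrative model of an email alert-notification profile (added example,
not EventLog Analyzer code). Macro names and sample data are assumptions."""
from email.message import EmailMessage
from string import Template


def parse_recipients(raw: str) -> list[str]:
    """Split a comma-separated recipient string, trimming whitespace and
    dropping empty entries. Anything that is not of the form local@domain
    is rejected, so a typo in the profile fails at save time instead of
    silently losing the notification."""
    addrs = [a.strip() for a in raw.split(",") if a.strip()]
    bad = [a for a in addrs
           if a.count("@") != 1 or a.startswith("@") or a.endswith("@")]
    if bad:
        raise ValueError(f"invalid recipient address(es): {bad}")
    return addrs


def render(template: str, alert: dict) -> str:
    """Expand $MACRO placeholders from the alert's fields. safe_substitute
    leaves unknown macros literal rather than raising, so a template typo
    degrades the message instead of suppressing it."""
    return Template(template).safe_substitute(alert)


def build_notification(profile: dict, alert: dict) -> EmailMessage:
    """Compose the email for one alert from a notification profile."""
    msg = EmailMessage()
    msg["From"] = profile["sender"]
    msg["To"] = ", ".join(parse_recipients(profile["recipients"]))
    msg["Subject"] = render(profile["subject"], alert)
    msg.set_content(render(profile["body"], alert))
    return msg


# Constructed sample profile and alert (assumed placeholders, not product data).
SAMPLE_PROFILE = {
    "sender": "ela-alerts@example.test",
    "recipients": "soc@example.test, oncall@example.test",
    "subject": "[$SEVERITY] $ALERT_NAME on $HOST",
    "body": "Alert $ALERT_NAME fired at $TIME on $HOST.\nRule: $RULE\n",
}
SAMPLE_ALERT = {
    "ALERT_NAME": "Multiple failed logons",
    "SEVERITY": "High",
    "HOST": "dc01",
    "TIME": "2024-01-01 00:00:00",
    "RULE": "Brute-force logon",
}

if __name__ == "__main__":
    print(build_notification(SAMPLE_PROFILE, SAMPLE_ALERT))
```

Sending is deliberately left out; the point is the two checks a practitioner wants around the profile itself: recipients are validated when the profile is saved, and macro expansion never raises on an unknown placeholder.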

    Settings to notify alert by SMS

    Enter the details required for sending alert notification using SMS.

    1. Enable the SMS Notification check box under the Notification Settings tab to enable SMS notifications.
    2. Enter the recipient's number.
    3. You can customize the SMS content by clicking Add More Fields next to the SMS Message field.

    If SMS settings are not configured in EventLog Analyzer, you will be prompted to configure them when the Notify by SMS option is selected.

    Note: Notification using Run Program can now be configured with Incident Management Workflows.

    Assigning Workflows to Security Incidents

    You can associate incident workflows with the security alerts configured in the product. This way, when a security alert is triggered, the corresponding workflow automatically starts executing, and you can view its status on the Manage Workflows page.

    To assign a workflow to a new security alert:

    • Navigate to Alerts → +Add Alert Profile, or
    • Click on +Add → Alerts

    and configure the alert as described above.

    To assign a workflow to an existing alert:

    Navigate to Alerts → Alert Configurations → Manage Alert Profiles → Select the update

    OnDemand Workflows

    Users can run workflows and view their statuses directly from the Alerts console.


    To run a workflow for an alert,

    • Select an alert and click the Run Workflow button under Workflow Status.
    • Select a workflow from the drop-down menu and click Run.
    • You can select Associate to Alert Profile to assign the workflow to the alert profile directly from the dashboard.

    You can check the status of the workflow by clicking Workflow History.


    You can also run multiple workflows for a single alert.
