Alert Notification & Remediation

EventLog Analyzer provides you with two alert notification mechanisms

Further, you can also remediate the alert condition by creating incident workflows.

Settings to notify alert by Email

Enter the details required for sending alert notification via email.

1. Enable the Email Notification check box under the Notification Settings tab to enable email notifications.
2. Choose Send Notification: Choose the desired frequency for receiving alert notifications. This will notify you whenever an alert has been triggered, based on the frequency you set.
   • All Alerts: An alert notification will be generated for each alert created.
   • Once a day: An alert notification will be generated only once daily.
   • Once a week: An alert notification will be generated weekly once.
   • Once a month: An alert notification will be generated monthly once.
   • Custom: You can also tailor the notification schedule by predetermining the exact number of days, hours and minutes between each notification.

3. Specify the receiver's email address and for multiple emails, separate the addresses with commas (,).
4. Add a subject line for the email notification. You can also append the alert argument(s) to the subject line. Select the arguments from the list available under Macros.
5. The default mail content is shown above, you can modify this and also add arguments from the Macros list. Click Save Profile.
Note: The email content of correlation alerts can be customized to include the rule name, correlated time, and the action. Furthermore, you can select and add specific fields of the action by choosing them from the list that appears when the action is clicked. Please refer to the image below.

6. If the mail server is not configured in EventLog Analyzer, you will be prompted to when Notify by Email option is selected.

Settings to notify alert by SMS

Enter the details required for sending alert notification using SMS.

1. Enable the SMS Notification check box under Notification Settings tab checkbox to enable SMS notifications.
2. Enter the recipient’s number.
3. You can customize the SMS content by clicking Add More Fields next to SMS Message field.

If SMS settings is not configured in EventLog Analyzer, you will be prompted to set it when Notify by SMS option is selected.

Assigning Workflows to Security Incidents

You can associate incident workflows with the security alerts configured in the product. This way, when a security alert is triggered, the corresponding workflow automatically starts executing, and you can view its status on the Manage Workflows page.

To assign a workflow to a new security alert:

• Navigate to Alerts → +Add Alert Profile, or
• Click on +Add → Alerts

And configure your alert as given above.

To assign a workflow to an existing alert:

Navigate to Alerts → Alert Configurations → Manage Alert Profiles → Select the update

OnDemand Workflows

Users can run workflows and view their statuses directly from the Alerts console.

To run a workflow for an alert,

• Select an Alert and click the Run Workflow button under Workflow Status.
• Select a workflow from the drop down menu and click Run.
• You can select Associate to Alert Profile to assign a workflow to the alert profile on the dashboard directly.

You can check the status of the workflow by clicking Workflow History.

You can also run multiple workflows for a single alert.