TWTQ: Accessing threat feed alerts

Hello everyone!
We're back for This Week's Top Question (TWTQ):

Q: Where do I view threat feed alerts?

A: EventLog Analyzer processes multiple threat feeds and alerts you when a malicious IP, URL, or domain is detected in your network.

View the alerts by going to:
Alerts > Profile based alerts > Default threat

The built-in Default Threat alert profile is enabled out of the box and needs no configuration. As soon as the solution is installed, it begins matching the IPs, URLs, and domains in your log traffic against its threat feeds.

The Alerts dashboard gives you the information needed to start investigating the incident: the alert message, the time it was raised, and the device that generated the matching log.

The best part is, you can raise these alerts as tickets from within EventLog Analyzer's console itself. Simply click on the Update icon for the required alert, and you can:
  • Assign an owner for the ticket.
  • Add relevant notes regarding the incident and its resolution.
  • Update the ticket status and mark it as closed once it's resolved.

If you would like to enable email and SMS notifications for these alerts, go to:
  • Alert configurations (on the left menu) > Manage alert profiles
  • On the Manage Alert Profiles page, click on the Update icon next to the Default threat alert profile.
  • On the Edit Alert Profile page, under 'Notification Settings', select the checkbox for email or SMS notifications and provide the necessary details. You can also select 'Run Program' and assign a custom script to run whenever this alert is triggered. Once you're done, click on Update.
And that's it! What do you think of this feature? Let us know!

Learn more about the feature here.