1. Home
    2. AutoFocus
    3. AutoFocus™ Administrator’s Guide
    4. AutoFocus Alerts
    5. Create Alerts
    6. Define Alert Actions

    Define Alert Actions

    Define alert actions that you can then select to Enable Alerts by Tag Type. Defining alert actions includes choosing to receive the alert as an email or HTTP/HTTPS notification and setting the alert frequency. You only receive notifications for samples matching the alert criteria (the tag) in the digest period you select; if AutoFocus does not detect matching samples during the digest period, it does not send out an alert.
    The default alert action
    none
     cannot be edited or deleted. Use this alert action to disable alerts for tags.
    Create an alert for Unit 42 tags to receive notifications based on new threats and attacks identified by the Unit 42 threat intelligence research team.
    1. Select
      Alerts
      Settings
      .
    2. Scroll to the bottom of the
      Settings
       tab, and click
      Add Alert Action
      :
    3. Give the alert action a descriptive name.
    4. Define the type of alert you want to receive:
      Email
      ,
      HTTP
      , or
      HTTPS
      .
    5. Set the alert destination (email address or server URL).
      For email alerts:
      Enter the email address where you would like to receive Email Alerts.
      For HTTP/HTTPS alerts:
      Enter the
      URL
       of your server that you have configured to receive HTTP/HTTPS Alerts. You can test the connectivity of the server by clicking on
      Test URL
      . If the connection is valid, ( ) displays next to the
      Test URL
       button.
      Self-signed server certificates are not supported. Server certificates must be signed by one of the pre-installed root certificate authorities (CAs). Refer to AutoFocus Portal Settings for more information on viewing trusted AutoFocus CAs.
    6. Set the alert digest to
      5 Minutes
       or
      Daily
      .
      Digest sets the frequency with which AutoFocus checks for samples that match the alert criteria. AutoFocus collects all samples that match the alert criteria during the digest period and sends them in a single notification.
    7. (HTTPS alerts only) Define the authentication method.
      For HTTPS alerts using basic authentication:
      Enter the user credentials of a service account on the server that you configured to receive the AutoFocus alerts.
    8. Click
      Save Changes
      .
      The Action drop-down contains all saved alert actions, which you can apply to samples matched to Unit 42, public, and private tags.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo