: Define Alert Actions
Focus
Focus
Table of Contents

Define Alert Actions

Define alert actions that you can then select to Enable Alerts by Tag Type. Defining alert actions includes choosing to receive the alert as an email or HTTP/HTTPS notification and setting the alert frequency. You only receive notifications for samples matching the alert criteria (the tag) in the digest period you select; if AutoFocus does not detect matching samples during the digest period, it does not send out an alert.
The default alert action
none
cannot be edited or deleted. Use this alert action to disable alerts for tags.
Create an alert for Unit 42 tags to receive notifications based on new threats and attacks identified by the Unit 42 threat intelligence research team.
  1. Select
    Alerts
    Settings
    .
  2. Scroll to the bottom of the
    Settings
    tab, and click
    Add Alert Action
    :
  3. Give the alert action a descriptive name.
  4. Define the type of alert you want to receive:
    Email
    ,
    HTTP
    , or
    HTTPS
    .
  5. Set the alert destination (email address or server URL).
    For email alerts:
    Enter the email address where you would like to receive Email Alerts.
    For HTTP/HTTPS alerts:
    Enter the
    URL
    of your server that you have configured to receive HTTP/HTTPS Alerts. You can test the connectivity of the server by clicking on
    Test URL
    . If the connection is valid, ( ) displays next to the
    Test URL
    button.
    Self-signed server certificates are not supported. Server certificates must be signed by one of the pre-installed root certificate authorities (CAs). Refer to AutoFocus Portal Settings for more information on viewing trusted AutoFocus CAs.
  6. Set the alert digest to
    5 Minutes
    or
    Daily
    .
    Digest sets the frequency with which AutoFocus checks for samples that match the alert criteria. AutoFocus collects all samples that match the alert criteria during the digest period and sends them in a single notification.
  7. (HTTPS alerts only) Define the authentication method.
    For HTTPS alerts using basic authentication:
    Enter the user credentials of a service account on the server that you configured to receive the AutoFocus alerts.
  8. Click
    Save Changes
    .
    The Action drop-down contains all saved alert actions, which you can apply to samples matched to Unit 42, public, and private tags.

Recommended For You