Define Alert Actions

Define alert actions that you can then select to Enable Alerts by Tag Type. Defining alert actions includes choosing to receive the alert as an email or HTTP/HTTPS notification and setting the alert frequency. You only receive notifications for samples matching the alert criteria (the tag) in the digest period you select; if AutoFocus does not detect matching samples during the digest period, it does not send out an alert.
The default alert action none cannot be edited or deleted. Use this alert action to disable alerts for tags.
Create an alert for Unit 42 tags to receive notifications based on new threats and attacks identified by the Unit 42 threat intelligence research team.
  1. Select AlertsSettings.
  2. Scroll to the bottom of the Settings tab, and click Add Alert Action:
    alerts-add-2.png
  3. Give the alert action a descriptive name.
    alerts-add-name.png
  4. Define the type of alert you want to receive: Email, HTTP, or HTTPS.
    alerts-add-type.png
  5. Set the alert destination (email address or server URL).
    For email alerts:
    Enter the email address where you would like to receive Email Alerts.
    alerts-add-dest.png
    For HTTP/HTTPS alerts:
    Enter the URL of your server that you have configured to receive HTTP/HTTPS Alerts. You can test the connectivity of the server by clicking on Test URL. If the connection is valid, ( af-url-test-success.png ) displays next to the Test URL button.
    Self-signed server certificates are not supported. Server certificates must be signed by one of the pre-installed root certificate authorities (CAs). Refer to AutoFocus Portal Settings for more information on viewing trusted AutoFocus CAs.
  6. Set the alert digest to 5 Minutes or Daily.
    Digest sets the frequency with which AutoFocus checks for samples that match the alert criteria. AutoFocus collects all samples that match the alert criteria during the digest period and sends them in a single notification.
    alerts-add-digest.png
  7. (HTTPS alerts only) Define the authentication method.
    alerts-add-auth.png
    For HTTPS alerts using basic authentication:
    Enter the user credentials of a service account on the server that you configured to receive the AutoFocus alerts.
    alert-add-basic-cred.png
  8. Click Save Changes.
    The Action drop-down contains all saved alert actions, which you can apply to samples matched to Unit 42, public, and private tags.
    alerts-add-dropdown.png
  9. Enable Alerts by Tag Type.

Related Documentation