Define Alert Actions
Define alert actions that you can then select when you Enable Alerts by Tag Type. Defining an alert action includes choosing whether to receive the alert as an email or as an HTTP/HTTPS notification, and setting the alert frequency. You only receive notifications for samples matching the alert criteria (the tag) in the digest period you select; if AutoFocus does not detect matching samples during the digest period, it does not send out an alert.
The default alert action none cannot be edited or deleted. Use this alert action to disable alerts for tags.
Create an alert for Unit 42 tags to receive notifications based on new threats and attacks identified by the Unit 42 threat intelligence research team.
- Select Alerts > Settings.
- Scroll to the bottom of the Settings tab, and click Add Alert Action.
- Give the alert action a descriptive name.
- Define the type of alert you want to receive: Email, HTTP, or HTTPS.
- Set the alert destination (email address or server URL).
  - For email alerts: Enter the email address where you would like to receive Email Alerts.
  - For HTTP/HTTPS alerts: Enter the URL of the server that you have configured to receive HTTP/HTTPS Alerts. You can test connectivity to the server by clicking Test URL. If the connection is valid, an icon displays next to the Test URL button.
  - Self-signed server certificates are not supported. Server certificates must be signed by one of the pre-installed root certificate authorities (CAs). Refer to AutoFocus Portal Settings for more information on viewing trusted AutoFocus CAs.
- Set the alert digest to 5 Minutes or Daily. Digest sets the frequency with which AutoFocus checks for samples that match the alert criteria. AutoFocus collects all samples that match the alert criteria during the digest period and sends them in a single notification.
- (HTTPS alerts only) Define the authentication method.
  - For HTTPS alerts using basic authentication: Enter the user credentials of a service account on the server that you configured to receive the AutoFocus alerts.
- Click Save Changes. The Action drop-down contains all saved alert actions, which you can apply to samples matched to Unit 42, public, and private tags.
- Enable Alerts by Tag Type.
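
The receiving side of an HTTPS alert action with basic authentication, as an added example that is not code from AutoFocus or Palo Alto Networks: a minimal listener that checks the service account credentials before accepting a digest. The POST method, the credential values, the body size cap and the names `basic_auth_ok`, `AlertHandler` and `make_server` are assumptions made for illustration.

```python
import base64
import hmac
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholder credentials for the receiving service account.
SERVICE_USER = "autofocus-svc"
SERVICE_PASSWORD = "change-me"
MAX_BODY = 1 << 20  # assumed upper bound for one digest notification


def basic_auth_ok(header, user=SERVICE_USER, password=SERVICE_PASSWORD):
    """True only for a well-formed Basic header carrying the expected pair."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        supplied = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    # Constant-time comparison avoids leaking how much of the secret matched.
    return hmac.compare_digest(supplied, f"{user}:{password}".encode())


class AlertHandler(BaseHTTPRequestHandler):
    def _reply(self, code, extra=()):
        self.send_response(code)
        for name, value in extra:
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_POST(self):  # assumption: the notification arrives as a POST
        if not basic_auth_ok(self.headers.get("Authorization")):
            return self._reply(401, [("WWW-Authenticate", 'Basic realm="alerts"')])
        length = self.headers.get("Content-Length", "")
        if not length.isdecimal() or int(length) > MAX_BODY:
            return self._reply(413)  # missing, malformed or oversized length
        body = self.rfile.read(int(length))
        self.server.received.append(body)  # hand off to your own pipeline here
        self._reply(204)


def make_server(port, certfile, keyfile):
    """HTTPS listener; certfile must be a chain issued by a CA AutoFocus trusts."""
    server = HTTPServer(("0.0.0.0", port), AlertHandler)
    server.received = []
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    server.socket = ctx.wrap_socket(server.socket, server_side=True)
    return server
```

Call `make_server(port, certfile, keyfile).serve_forever()` with a certificate chain issued by a CA that AutoFocus trusts, since a self-signed certificate will fail the Test URL check described above.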