Define alert actions that you can then select
Alerts by Tag Type. Defining alert actions includes choosing
to receive the alert as an email or HTTP/HTTPS notification and
setting the alert frequency. You only receive notifications for
samples matching the alert criteria (the tag) in the digest period
you select; if AutoFocus does not detect matching samples during
the digest period, it does not send out an alert.
cannot be edited or deleted.
Use this alert action to disable alerts for tags.
an alert for Unit 42 tags to receive notifications based on new
threats and attacks identified by the Unit 42 threat intelligence
Scroll to the bottom of the
Add Alert Action
Give the alert action a descriptive name.
Define the type of alert you want to receive:
Set the alert destination (email address or server URL).
For email alerts:
email address where you would like to receive Email
For HTTP/HTTPS alerts:
your server that you have configured to receive HTTP/HTTPS
Alerts. You can test the connectivity of the server by clicking
. If the connection is valid,
next to the
Self-signed server certificates are not supported.
Server certificates must be signed by one of the pre-installed root
certificate authorities (CAs). Refer to AutoFocus
Portal Settings for more information on viewing trusted AutoFocus
Set the alert digest to
Digest sets the frequency with which AutoFocus checks for
samples that match the alert criteria. AutoFocus collects all samples
that match the alert criteria during the digest period and sends
them in a single notification.
(HTTPS alerts only) Define the authentication method.
For HTTPS alerts using basic authentication:
the user credentials of a service account on the server that you
configured to receive the AutoFocus alerts.
The Action drop-down contains all saved alert actions,
which you can apply to samples matched to Unit 42, public, and private