Configuring ThreatSTOP email alerts.

Overview

The Email alert feature allows you to save a Report Filter to get an email notification when records matching the filter are found in your device logs. For example, this can be used to get alerted if high severity events are found for a sensitive device.

Creating a new email alert

To create a new email alert:

  • Select the filter settings you want to match for alerting purposes. The report type doesn’t affect the alerting mechanism: only the filters do.
  • In the filter widget, click on Save/Edit Alert and set the following:
    • Save As: You can save a new alert or overwrite a previously created alert.
    • Title: A brief title for the alert (email subject line).
    • Email Address: The email address the alert should be sent to.
    • Email CCs: If the alert should be sent to more than one address, enter the extras (up to three) here.
    • Alert me after: The trigger for sending an alert email. If the conditions defined by the filter are met this many times within an hour, an email alert is sent.
    • Don’t alert me again for: Setting this field to 1 or more whole hours lets a triggered alert cool down for that duration. This is useful for silencing alerts that are triggered repeatedly.
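
How "Alert me after" and "Don’t alert me again for" interact, modelled as an added example (this is not ThreatSTOP code). It assumes a sliding 60-minute window and a cooldown that starts when the email is sent, neither of which the page specifies; simulate_alerts and the sample timestamps are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta


def simulate_alerts(match_times, alert_after, cooldown_hours):
    """Return the times at which an alert email would be sent.

    ASSUMPTIONS (not stated on the page): matches are counted over a
    sliding 60-minute window, and the cooldown begins when the email
    is sent. A cooldown of 0 means no suppression.
    """
    window = deque()      # matching records seen in the last hour
    sent = []             # times an email went out
    quiet_until = None    # end of the current cooldown, if any
    for t in sorted(match_times):
        window.append(t)
        # Drop records that are an hour old or older.
        while t - window[0] >= timedelta(hours=1):
            window.popleft()
        if quiet_until is not None and t < quiet_until:
            continue      # still cooling down: record counted, no email
        if len(window) >= alert_after:
            sent.append(t)
            quiet_until = t + timedelta(hours=cooldown_hours)
    return sent


# Constructed sample: three bursts of filter matches on one device.
BASE = datetime(2024, 1, 1, 9, 0)
SAMPLE_MATCHES = (
    [BASE + timedelta(minutes=m) for m in (0, 5, 10, 15, 20, 25)]      # 09:00-09:25
    + [BASE + timedelta(minutes=m) for m in (90, 95, 100)]             # 10:30-10:40
    + [BASE + timedelta(minutes=m) for m in (240, 242, 244)]           # 13:00-13:04
)

if __name__ == "__main__":
    for cooldown in (0, 1, 2):
        times = simulate_alerts(SAMPLE_MATCHES, alert_after=3,
                                cooldown_hours=cooldown)
        print(f"cooldown={cooldown}h ->",
              [t.strftime("%H:%M") for t in times])
```

Under these assumptions, a 2-hour cooldown hides the second burst entirely, which is the trade-off to weigh when silencing a noisy alert on a sensitive device.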

Editing an email alert

  • To change the settings of an email alert, follow the same steps as for the creation of a new alert. When selecting the name (Save As), select the alert you want to replace.

  • To view the list of email alerts and their configuration, browse to the Alerts menu entry for the Report type (DNS, IP, or Roaming). You can delete alerts from this list.