Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Product Requirements

Machine Learning Service

Configure detection alert settings

You can configure detection alert settings that monitor when a detection has occurred on specific protocols. When the conditions configured in the alert settings are met, the ExtraHop system generates a detection alert, which you can view on the Alerts page.

Note:

This topic applies to all ExtraHop systems, including ExtraHop Reveal(x).

Detection alerts are useful for monitoring unusual behavior that you want to be notified of right away. For example, if you are worried about spikes in SSH sessions on specific servers, you can configure alert settings to watch for detections that occur over SSH and assign the alert configuration to SSH servers.

Log into the Web UI on the ExtraHop Discover or Command appliance.
Click the System Settings icon and then click Alerts.
Click New to open the Alert Configuration window.
Enter a unique name for the alert configuration in the Name field.
From the Alert Type section, click Detection.
Click the Source Type list and select the data source for the alert configuration.
The alert configuration can be assigned only to the type of source selected.

Select one of the following detection categories:

Option	Description
Any category	Watches for detections on assigned sources that occur over any detection category.
Specific categories	Watches for detections on assigned sources that occur only within specified detection categories. Click Select Categories to specify one or more categories. If you select Security, all security detection categories will apply. If you select IT Operations, all performance detections will apply.

The detection categories available vary by your ExtraHop subscription. Security detections are only available for ExtraHop Reveal(x). Learn more in Detections.

Select one of the following protocols options:

Option	Description
Any protocol	Watches for detections on assigned sources that occur over any protocol.
Specific protocols	Watches for detections on assigned sources that occur only over specified protocols. Click Select Protocols to specify one or more categories, such as HTTP Client and HTTP Server.

Select one of the following firing modes:

Option	Description
Edge-Triggered	Generates an alert only once when the detection alert conditions are true. The alert is generated again only if conditions are true after the metric value has returned to normal conditions twice.
Level-Triggered	Generates alerts continuously while the detection alert conditions are true for the specified time period.

Click OK.

Next steps

Alerts cannot be generated until you assign an alert configuration to a source.
Assign an exclusion interval to an alert to suppress alerts during specific times.
Add a notification to an alert configuration to receive emails or SNMP traps when an alert is generated.

Published 2021-01-20 16:46

Documentation

Products

Differentiation

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information

Configure detection alert settings