Monitor when a detection occurs by configuring an alert for specific conditions, such
as a particular device or type of protocol traffic. For example, if you are worried about
spikes in SSH sessions, you can configure an alert to watch for security detections that
occur over SSH on specific devices.
Note: | This topic applies to all ExtraHop systems, including ExtraHop
Reveal(x). |
Detection alerts are useful for monitoring unusual behavior that you want to be
notified of right away. For example, if you are worried about spikes in SSH sessions
on specific servers, you can configure alert settings to watch for detections that
occur over SSH and assign the alert configuration to SSH servers.
-
Log in to the ExtraHop system through
https://<extrahop-hostname-or-IP-address>.
-
Click the System Settings icon
and then click Alerts.
-
Click Create.
-
Type a unique name for the alert configuration in the
Name field.
-
In the Description field, add information about the
alert.
Tip: | Alert descriptions support Markdown, which is a simple
formatting syntax that converts plain text into HTML. For more information,
see the Alerts FAQ. |
-
In the Alert Type section, click Detection
Alert.
-
In the Assigned Sources field, type the name of a
device, device group, or application and then select from the search
results.
- (Optional):
Click Add Source to assign the alert to multiple
sources. Multiple sources must be of the same type, such as only devices and
device groups or only applications.
Tip: | Assign an alert to a device group to efficiently manage
assignments to multiple devices. |
-
From the Detection Categories drop-down list, select one
or more categories that you want the alert to monitor. The following groups of
categories are also available:
Option |
Description |
Any category |
Monitors detections on assigned sources that occur in any detection
category. |
IT Operations |
Monitors detections that occur on assigned sources in any IT
operations category. |
Security |
Monitors detections that occur on assigned sources in any Security
category. |
Note: | Detection categories vary by your ExtraHop system. |
- (Optional):
From the Protocols drop-down list, select each protocol
you want the alert to monitor.
-
In the Alert Behavior section, select an option to specify when to generate an
alert:
-
From the Severity drop-down list, select a severity level for the alert:
- Emergency
- Alert
- Critical
- Error
- Warning
- Notice
- Info
- Debug
When an alert is generated, the severity level is displayed on the Alerts page
and in alert notifications.
- (Optional):
In the Notifications section, add an
email notification to an alert to receive emails or SNMP traps when
an alert is generated.
-
In the Status section, click an option to enable or disable the alert.
- (Optional):
Add an
exclusion interval to suppress alerts during specific times.
-
Click Save.
Thank you for your feedback. Can we contact you to ask follow up questions?