Alerts can be created to notify you when the specified threshold has been reached. To receive an alert, first create a notification integration.
A static alert uses a static value as the threshold to trigger the alert. To create an alert:
Navigate to Posture Management in the FireTail platform. Click the Alerting tab.
Click Create Alert. Select the alert type of Static.
In the Name section fill out the following:
Alert Name - Enter a name for the alert.
Enabled - Toggle on or off. This activates or deactivates the alert.
Filters - Add filters to the alert.
Managed filters
FireTail offers a set of managed, preconfigured alerts designed to detect various security threats. Select Managed and select the type of managed alert to apply to the alert. Select an API or API in the Filter traffic by API field, if required.
A Custom filter can contain a single condition or multiple conditions. There are various options you can select to filter by, such as response status codes, request path, tags and so on. Multiple filters can be added.
Select Custom.
Click Add Filter Group.
Select the required element from the Type dropdown.
Choose the appropriate Operator.
Enter a Value.
Click Submit.
Click Add to add any further conditions to the filter. Select Include or Exclude to determine if the requests displayed in the alerts dashboard must include or exclude the conditions defined in the filter.Multiple filters can be added.
Note: To customize a managed filter, select the filter in the managed section, then select Custom.
5. Add conditions for the alert:
Whenever the request is - This defines when the alert is triggered. Choose the appropriate value :
Greater - Select this to get an alert when the request is greater than the threshold value.
Greater/Equal - Select this to get an alert when the request is greater than or equal to the threshold value.
Equal - Select this to get an alert when the request is equal to the threshold value.
Lower/Equal - Select this to get an alert when the request is lower than or equal to the threshold value.
Lower - Select this to get an alert when the request is lower than the threshold value.
Than - Enter the threshold value.
Within the last - Select the time period from the dropdown. This is the time window for alert checks. The frequency of alert checks is calculated as a period divided by three. For example, if you select 6 hours, alert checks are made every two hours, and the previous 6 hours are examined. This is displayed under the Runs every field.
6. In the Metrics section, you can define a specific metric to monitor for unusual activity.
In the Metric name dropdown select the type of metric you want to track.
In the Metric stat dropdown Choose the statistical operation for the selected metric.
7. In the Control Settings section you can adjust parameters to manage alert frequency and timing, preventing over-notification and accounting for expected activity spikes that shouldn't trigger alerts. Adjust the following:
After every trigger don't run this check for - After an alert is triggered, enter a 'cooldown' period during which subsequent alerts are suppressed.
Delay evaluating the first check by - After an alert is created, this value is used to delay the first evaluation. This serves as a grace period.
8. Notification Integration - Select the method in which you will receive your alert notification. Select a previously created integration from the dropdown, or click Create to create a new integration.
Note: when you create a notification integration you can define the text and information that will be displayed when an alert is sent.
