Configure Responses in CSAM
You can configure rules to monitor critical events that satisfy the conditions specified in a rule and send you alert messages if events/incidents matching the condition are detected. The alert message will have the event details. For more information, check out this tutorial!
How to set up rule-based alerts?
Just tell us what you consider to be a significant finding or event and the mechanism in which you want to be alerted.
Step 1 - Define actions that the rule must take in response to the alert. configure rule actions to specify one or more actions to be performed when events matching a condition is detected. You can set alerts to be sent by Email, PagerDuty or Post to Slack.
Step 2 - Set up your rules in the Rule Manager tab. Specify which events you want to monitor, criteria for triggering the rule and actions to be taken on those events. When a rule is triggered based on a trigger criteria, CSAM will send to your configured account alerts that will have details of the events.
Step 3 - Monitor all the alerts that were sent after the rules were triggered
That's it! You are all set to start being alerted about your detections!