Rule Based Alerts for Events
You can configure EDR to monitor critical events that satisfy the conditions specified in a rule and send you alert messages if events/incidents matching the condition are detected. The alert message will have the event details.
In the above screenshot following tabs are highlighted:
- Activity: Monitor all the alerts that were sent after the rules were triggered. For more information see, Manage Alerts
- Rule Manager: Set up your rules in the Rule Manager tab. Specify which events you want to monitor, the criteria for triggering the rule, and actions to be taken on those events. When a rule is triggered based on trigger criteria, EDR will send to your configured account alerts that will have details of the events. For more information see, Create a New Rule | Manage Rules
-
Actions: Define actions that the rule must take in response to the alert. configure rule actions to specify one or more actions to be performed when events matching a condition are detected. You can set alerts to be sent by Email, PagerDuty or Post to Slack. For more information see, Create a New Action | Manage Actions