Configure rule-based alerts for events

You can configure EDR to monitor critical events that satisfy the conditions specified in a rule and to send you alert messages when events or incidents matching those conditions are detected. Each alert message includes the event details.

How to set up rule-based alerts?

Just tell us what you consider to be a significant finding or event and the mechanism by which you want to be alerted.

Landing page of responses tab

  1. Define the actions that the rule must take in response to the alert. Configure rule actions to specify one or more actions to be performed when events matching a condition are detected. You can set alerts to be sent by Email, PagerDuty or Post to Slack. For more information, see Create a New Action | Manage Actions
  2. Set up your rules in the Rule Manager tab. Specify which events you want to monitor, the criteria for triggering the rule, and the actions to be taken on those events. When a rule is triggered based on its trigger criteria, EDR sends alerts containing the event details to your configured account. For more information, see Create a New Rule | Manage Rules
  3. Monitor all the alerts that were sent after the rules were triggered. For more information, see Manage Alerts

The User Activity tab lists all the remediation activities performed on the events. Know more about User Activity

User Activity


