Alerting


Effective incident alert management is crucial for organizations to minimize downtime, mitigate risks, and ensure business continuity.

Within Syxsense you can generate alerts that notify the appropriate team when an incident occurs. This improves communication and collaboration among teams and shortens overall incident resolution times.

The alerting engine was designed to be:

  • Flexible: IT managers can easily configure it to align with their goals
  • Integrated: Bidirectional status updates with service desk systems (ConnectWise first)
  • Automated: Syxsense doesn't just alert. Using Cortex, it both proactively opens the alert and resolves the issue

Alerts are created under the Alerting menu and use Cortex workflows to evaluate whether an alert is triggered. When you publish an alert, you choose its targets.

Guided walk-through: How to Create & Manage Alerts

Click the Alerting tab within the Syxsense console sidebar ①

Select the Alerts tab ②

Click the 'Create' button ③

Define this alert with the following information: ④

  • Name & Display Name
  • A clear description
  • Category
  • Priority level, depending on the severity

Categories can be created on the fly or reused from previous entries. Example categories you could enter are:

  • System Outage: Detect when critical systems (server, website) go offline and quickly restore service.
  • Security policy violations: Unauthorized software installed, antivirus disabled.
  • Capacity Utilization: Key resources like CPU, RAM, disk space at risk.
  • Patching: Critical patches required; zero-day patch released.
  • Security Vulnerabilities: Detected vulnerabilities like user account misconfigurations, open ports, and more.

Click 'Ok' ⑤

Next you will be moved into the Evaluation workflow canvas.

This canvas is the same drag-and-drop canvas used by Syxsense Cortex and Zero Trust workflows. The set of actions on the right sidebar is the same as for Security Posture workflows. The only actions specific to Alerting are Close Alert and Open Alert.

To build a new evaluation (e.g., an evaluation of firewall status), select the 'Firewall status' action from the Actions sidebar and drag it onto the main canvas.

This action will act as the triggering function for our alert.

Select 'Open Alert' action from the right Actions sidebar and drag it over to the Disabled state node for the 'Firewall status' action in the canvas.

This will open an alert for any targeted device whose firewall is disabled.

Connect the 'Close Alert' action to the Enabled state node for the 'Firewall status' action.
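The evaluation workflow just built, modelled as an added example that is not Syxsense's own code or data format: a check action yields a state node, each state node routes to Open Alert or Close Alert, and re-evaluation opens an alert once per device and closes it when the device returns to compliance. The AlertDefinition fields mirror step ④; the engine class, device records and inventory are assumptions.

```python
from collections import namedtuple
from typing import Dict, List

# Constructed model of an evaluation workflow (not Syxsense's API or data format):
# a check action returns a state name per device; each state node is wired to an action.
AlertDefinition = namedtuple("AlertDefinition",
                             "name display_name description category priority")
Workflow = namedtuple("Workflow", "check edges")   # check: device -> state; edges: state -> action

class AlertEngine:
    def __init__(self, definition: AlertDefinition):
        self.definition = definition
        self.open_alerts: Dict[str, dict] = {}   # device id -> open alert record

    def evaluate(self, workflow: Workflow, devices: List[dict]) -> Dict[str, dict]:
        """Re-run the workflow over the targets; alerts open and close idempotently."""
        for device in devices:
            action = workflow.edges.get(workflow.check(device))
            if action == "open_alert" and device["id"] not in self.open_alerts:
                # One open alert per device: repeated evaluation must not duplicate it.
                self.open_alerts[device["id"]] = {"alert": self.definition.name,
                                                  "category": self.definition.category,
                                                  "priority": self.definition.priority}
            elif action == "close_alert":
                self.open_alerts.pop(device["id"], None)   # resolved: close if open
        return self.open_alerts

def firewall_status(device: dict) -> str:
    """The 'Firewall status' check; its state nodes are Enabled and Disabled."""
    return "Enabled" if device["firewall_enabled"] else "Disabled"

# The workflow built in the walk-through: Disabled -> Open Alert, Enabled -> Close Alert.
FIREWALL_WORKFLOW = Workflow(check=firewall_status,
                             edges={"Disabled": "open_alert", "Enabled": "close_alert"})

def run_demo() -> List[Dict[str, dict]]:
    """Constructed two-device inventory: ws-02 starts non-compliant, then is remediated."""
    engine = AlertEngine(AlertDefinition("fw-disabled", "Firewall Disabled",
                                         "Host firewall is turned off",
                                         "Security policy violations", "High"))
    devices = [{"id": "ws-01", "firewall_enabled": True},
               {"id": "ws-02", "firewall_enabled": False}]
    first = dict(engine.evaluate(FIREWALL_WORKFLOW, devices))   # opens alert on ws-02
    devices[1]["firewall_enabled"] = True
    second = dict(engine.evaluate(FIREWALL_WORKFLOW, devices))  # closes it again
    return [first, second]
```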

Click 'Save'

This alert will be listed under Alerts on the left sidebar.

In the upper toolbar you can choose an option to change the initial alert settings, delete the alert, or publish it.

Guided walk-through: How to Publish Alerts

Select the Alerts sidebar tab ①

Then, select the name of the Alert you want to deploy ②

Next, select the Publish Alert button from the top toolbar ③

Once you have opened the Publish Alert option, you will be prompted to configure its settings: enter a name for the ticket, add a description, and choose the devices it will be published to.

Click 'Save'

This alert will be listed under Published Alerts on the left sidebar. From within the Published Alert tab, you can click the Alert and visualize the triggering mechanisms.

Copyright ©2023 by Syxsense, Inc. All Rights Reserved