For Alert Logic® customers, agents must be assigned manually to an appliance through an assignment policy, using the Alert Logic console or the API. Because assignment is manual, it is easy to end up with agents that have no appliance assigned to them.
Alert Logic recommends setting up a collection alert rule that reports unassigned agents and agents that have errored out. The rule is created in the Alert Logic console and then applied to the source.
Note: This information applies only to customers with Alert Logic® Cloud Defender™ or Alert Logic Threat Manager™ entitlements.
Creating a Collection Alert Rule
To create the collection alert rule, complete the following steps.
- Click Configuration in the main menu.
- Click Network IDS in the sub-menu.
- Click Alert Rules in the sidebar.
- Click the orange circular + button.
- In the panel that displays on the right, type a descriptive name in the Collection Alert Name field.
- In the Time Before is Triggered field, enter a time that is no less than 15 minutes.
- In the Time Between Alert Occurrences field, enter a time that is no less than 30 minutes.
- In the Target Type drop-down menu, select Collection.
- In the Email Addresses field, type an email address to receive the alert. To send the alert to multiple email addresses, separate each entry with a comma.
- Select the Send Alert Once check box.
- Click Save.
Applying a Collection Alert Rule
Once the collection alert rule is created, apply the rule to the source using the following steps.
- Click Configuration in the main menu.
- Click Deployments in the sub-menu.
- Select the deployment to which you want to apply the alert rule.
- Click Networks and Protected Hosts from the sidebar.
- Click Protected Hosts from the list of tabs in the middle of the page.
- In the table of protected hosts, click the gear icon in the top right corner and select Mass Edit.
- In the Replace Collection Alerts field, select the alert rule you created. No other settings need to be adjusted for this process.
- Click Save.
With this alert rule in place, you will receive a notification when Alert Logic does not receive log messages from a host during the configured time frame, which helps you keep track of unassigned agents and agents with errors. When additional hosts are added to the system, the collection alert rule must be applied to the new host(s) manually by repeating the steps above.
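The following script is an added example, not Alert Logic code, showing the detection logic a collection alert rule like the one above embodies: a host that stops sending log messages for at least the Time Before Triggered window raises an alert, Send Alert Once suppresses repeats until the host recovers, and the report is enriched with whether the agent is unassigned or in an error state. The agent record fields, the semantics of Send Alert Once (once per outage) and the sample hosts are all assumptions constructed for the example; the 15 and 30 minute minimums are the thresholds the article states.

```python
"""Model of a collection alert rule's detection logic (assumed semantics,
constructed data; this is not Alert Logic's API or implementation)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


@dataclass
class Agent:
    # Hypothetical agent record; field names are constructed for this example.
    host: str
    appliance: Optional[str]          # None means no appliance assigned
    status: str                       # "ok" or "error"
    last_log_at: Optional[datetime]   # last log message seen from this host


@dataclass
class CollectionAlertRule:
    name: str
    time_before_triggered: timedelta     # article: no less than 15 minutes
    time_between_occurrences: timedelta  # article: no less than 30 minutes
    send_alert_once: bool

    def __post_init__(self) -> None:
        # Enforce the minimums the article recommends so a rule cannot fire
        # on ordinary gaps between log batches.
        if self.time_before_triggered < timedelta(minutes=15):
            raise ValueError("Time Before Triggered must be at least 15 minutes")
        if self.time_between_occurrences < timedelta(minutes=30):
            raise ValueError("Time Between Alert Occurrences must be at least 30 minutes")


def assignment_problems(agents: List[Agent]) -> Dict[str, str]:
    """Hosts whose agent has no appliance assigned or is in an error state."""
    problems: Dict[str, str] = {}
    for a in agents:
        if a.appliance is None:
            problems[a.host] = "no appliance assigned"
        elif a.status == "error":
            problems[a.host] = "agent error"
    return problems


class CollectionAlertEvaluator:
    """Applies one rule to the protected hosts, remembering what has already
    been alerted so Send Alert Once and the re-alert interval are honoured."""

    def __init__(self, rule: CollectionAlertRule) -> None:
        self.rule = rule
        self._last_alert: Dict[str, datetime] = {}   # host -> when last alerted

    def _silent(self, agent: Agent, now: datetime) -> bool:
        # No logs ever, or no logs for at least Time Before Triggered.
        return (agent.last_log_at is None
                or now - agent.last_log_at >= self.rule.time_before_triggered)

    def evaluate(self, agents: List[Agent], now: datetime) -> List[str]:
        """Return the alert messages that would be emailed at time `now`."""
        alerts: List[str] = []
        reasons = assignment_problems(agents)
        for agent in agents:
            if not self._silent(agent, now):
                # Logs resumed: clear state so a future outage alerts again.
                self._last_alert.pop(agent.host, None)
                continue
            previous = self._last_alert.get(agent.host)
            if previous is not None:
                if self.rule.send_alert_once:
                    continue                       # assumed: once per outage
                if now - previous < self.rule.time_between_occurrences:
                    continue                       # still inside the re-alert gap
            reason = reasons.get(agent.host, "no log messages received")
            alerts.append(f"[{self.rule.name}] {agent.host}: {reason}")
            self._last_alert[agent.host] = now
        return alerts


def demo() -> List[List[str]]:
    """Run the evaluator over constructed hosts at four points in time."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed clock
    rule = CollectionAlertRule("unassigned-or-silent", timedelta(minutes=15),
                               timedelta(minutes=30), send_alert_once=True)
    agents = [
        Agent("web-01", "appliance-a", "ok", t0 - timedelta(minutes=5)),    # healthy
        Agent("web-02", None, "ok", None),                                 # never assigned
        Agent("db-01", "appliance-a", "error", t0 - timedelta(minutes=40)),  # errored out
        Agent("app-01", "appliance-b", "ok", t0 - timedelta(minutes=20)),   # went quiet
    ]
    ev = CollectionAlertEvaluator(rule)
    first = ev.evaluate(agents, t0)
    t1 = t0 + timedelta(minutes=10)
    agents[0].last_log_at = t1                     # web-01 keeps logging
    second = ev.evaluate(agents, t1)               # Send Alert Once: nothing new
    t2 = t0 + timedelta(minutes=31)
    agents[0].last_log_at = t2
    agents[3].last_log_at = t2                     # app-01 recovers
    cleared = ev.evaluate(agents, t2)
    t3 = t0 + timedelta(minutes=50)
    agents[0].last_log_at = t3
    third = ev.evaluate(agents, t3)                # app-01 quiet again for 19 min: re-alerts
    return [first, second, cleared, third]


if __name__ == "__main__":
    for step, alerts in enumerate(demo()):
        print(f"evaluation {step}: {alerts or 'no alerts'}")
```

The evaluator only fires on missing log messages, as the article describes; the assignment and error state are used to explain why a host went silent rather than as triggers of their own, which is why the unassigned host in the sample data has no log timestamp at all.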