
Setting Up a Collection Alert Rule for Agents with Microsoft Azure | Best Practices

Description

For Alert Logic™ customers with Microsoft Azure, agents must be manually assigned to an assignment policy using the Alert Logic console or via API. Since agents are manually assigned, it is easy to end up with agents that have no appliance assigned to them.

Alert Logic recommends setting up a collection rule to report unassigned agents or agents that have errored out. These alerts can be set up in the Alert Logic console by creating a collection alert and applying the alert to the source.

Creating a Collection Alert Rule

To create the collection alert rule, complete the following steps.

  1. At the top of the Alert Logic console, from the drop-down menu, click Threat Manager.
  2. In the left navigation area, under Alert Rules, click Collection.
  3. In the table of alert rules, in the Actions column heading, click the gear icon and select New Collection Alert.
  4. In the form that displays, in the Collection Alert Name field, type a descriptive name.
  5. In the Time Without Data field, enter a time that is no less than 15 minutes.
  6. In the Time Between Alert Occurrences field, enter a time that is no less than 30 minutes.
  7. In the Alert Type field, select Collection.
  8. In the Email Addresses field, type an email address to receive the alert. To send the alert to multiple email addresses, separate each entry with a comma.
  9. Select the Send Alert Once check box.
  10. Click Save.

Applying a Collection Alert Rule

Once the collection alert rule is created, apply the rule to the source using the following steps.

  1. At the top of the Alert Logic console, from the drop-down menu, click Threat Manager.
  2. In the left navigation area, under Detection, click Protected Hosts.
  3. In the table of protected hosts, in the Actions column heading, click the gear icon and select Mass Edit.
  4. In the Replace Collection Alerts field, select the alert rule you created for unassigned agents. No other settings need to be adjusted for this process.
  5. Click Apply.

With this alert rule in place, you will receive notifications when Alert Logic does not receive log messages during the configured time frame, helping you keep track of unassigned agents and agents with errors. When additional hosts are added to the system, the collection alert rule will need to be manually applied to the new host(s) using this process.
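The two thresholds from the rule (Time Without Data, Time Between Alert Occurrences) and the need to apply the rule to every host interact in ways that are easier to see in code. The following Python is an added example, not Alert Logic's own code or API: the host inventory and timestamps are constructed, and treating a host that has never sent a log as silent is an assumption.

```python
from datetime import datetime, timedelta

# Minimum values the article recommends for the two rule fields.
TIME_WITHOUT_DATA = timedelta(minutes=15)
TIME_BETWEEN_ALERTS = timedelta(minutes=30)

# Constructed inventory: host -> (time of last log message or None, rule applied?)
NOW = datetime(2024, 1, 1, 12, 0)
SAMPLE_HOSTS = {
    "web-01": (NOW - timedelta(minutes=1), True),   # healthy, sending data
    "web-02": (NOW - timedelta(minutes=20), True),  # silent longer than the threshold
    "db-01": (None, True),                          # never sent data: unassigned agent
    "new-03": (NOW - timedelta(hours=2), False),    # added later, rule never applied
}


def evaluate_collection_alerts(hosts, now, last_alerted):
    """Return hosts whose collection alert fires at `now`.

    `last_alerted` (host -> datetime) is updated in place so the
    Time Between Alert Occurrences spacing carries across evaluations.
    """
    fired = []
    for name, (last_log, rule_applied) in hosts.items():
        if not rule_applied:
            continue  # no rule, no alert: this host is silently unmonitored
        # A host with no log at all is assumed to be silent (never assigned).
        if last_log is not None and now - last_log < TIME_WITHOUT_DATA:
            continue  # data seen recently enough
        previous = last_alerted.get(name)
        if previous is not None and now - previous < TIME_BETWEEN_ALERTS:
            continue  # suppressed: alerted too recently
        last_alerted[name] = now
        fired.append(name)
    return fired


def hosts_without_rule(hosts):
    """Hosts the mass edit never reached; re-run the apply steps for these."""
    return sorted(name for name, (_, applied) in hosts.items() if not applied)


if __name__ == "__main__":
    state = {}
    print("alerting now:", evaluate_collection_alerts(SAMPLE_HOSTS, NOW, state))
    print("missing rule:", hosts_without_rule(SAMPLE_HOSTS))
```

Note that `new-03` never appears in the alert output: a host without the rule applied produces no alert, which is why the manual re-application step matters.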
