Health exposure notifications are now available for configuration in the Alert Logic console for Managed Detection & Response customers. By sending pertinent information about the health of an agent, appliance, or collector, health exposure notifications allow customers to more effectively react to assets that are offline, in error, or not collecting.
Health Notifications in the Alert Logic Console
Health notifications can be accessed, created, and managed in the Alert Logic console at (navigation menu) > Manage > Notifications. To view only health notifications, choose Health under Type in the left-hand filter bar. Click a health notification to see its details and to edit or delete it.
Create a Health Notification
From the Alert Notifications page, select the Create a Notification icon, then select Health from the drop-down. A Create a Health Notification pop-up appears, in which you set the criteria for the health exposure notification, including:
- Details - Give your notification a clear, descriptive name.
- Collection Asset Type - Choose the asset type you want associated with the notification.
- Scope - Choose one or several of the agent status options - offline, error, and not connecting - for your chosen asset type and choose one or several assets you want associated with the notification. To choose all agent statuses or assets, check the Select All box at the top of the Agent Status and Assets lists.
- Preferences - Manage delays in the sending of notifications and suppression of notifications.
- Recipients - Create a list of users you want subscribed to the notification. The creator of the notification is, by default, subscribed to the notification.
- Notification Delivery - Manage notification delivery rules, such as the notification email subject line, and optionally add a delay of 30 minutes, 1 hour, 5 hours, 1 day, or 1 week before health exposure notifications trigger. Health exposures that are resolved before the set delay has ended do not send a notification. This allows you to avoid false alarms and notification flooding.
Email Notification
Health exposure notifications generate emails that include an impact summary, affected hosts, and metadata about the health exposure. These emails are sent at the designated cadence, which you can manage via Notification Delivery, until the health exposures are suppressed or resolved.
Within an email notification, the Investigate button takes you to the remediation for the exposure you were notified about in the Alert Logic console, which contains resolution instructions and a full list of all impacted assets.
Additional Resources
For more technical details about health exposure notifications, see our Health Notifications documentation.