Alert Logic notifications alert you to threats, changes, and scheduled events in your environment so you can respond quickly. From the Alert Logic console, you can subscribe to:
- Alert-based notifications—For example, security incident and log correlation notifications that alert you to potential threats in near real time
- Scheduled action notifications—Notifications for the completion of a scheduled activity, such as the generation of a compliance report
When configuring your alert-based notifications, you can specify the criteria you want to focus on, such as threat levels in the high and critical categories.
You can create and subscribe to notifications for your account and the accounts you manage. Users with Administrator, Owner, or Power User roles can subscribe others to receive notifications and manage notifications created by other users in your account. For more information about user roles, see Customer Accounts, User Accounts, and User Roles.
Alert Logic supports your automation workflows. You can configure notifications to send alerts by email and to a connector like a webhook.
To access the Notifications page, click the Settings icon, and then click Notifications.
You can configure several types of notifications:
- Incident notifications can alert you when incidents occur that meet specific criteria.
- Log correlation notifications can alert you to incidents or observations generated by your log correlation rules.
- Scheduled report notifications can inform you when a scheduled report is generated and available for download.
The process to create a notification is similar for alerts and scheduled activities, such as report generation.
To start creating an incident notification:
- On the Incidents page in the Alert Logic console, click the Lists tab.
- Click ADD NOTIFICATION.
- To finish building the notification rule, complete the fields as described in Incident Notifications.
You can also create an incident notification from the Notifications page.
To start creating a log correlation and notification:
When you create a correlation, you choose whether it generates an observation (meaning that Alert Logic observed an occurrence of your log correlation) or an incident. You can then set up the notification in the next step.
- On the Search page in the Alert Logic console, click the Log Search BETA tab.
- Create a valid log search query to define the correlation conditions. For more information about creating the query, see Search: Log Messages.
- Click the SEARCH drop-down menu below the query, and then click Create Correlation. Alert Logic adds the log search query to the correlation, which you can adjust.
- To finish creating the correlation and adding the notification, complete the fields as described in Correlations and Notifications.
To start scheduling a report and adding a notification:
- From the Reports page in the Alert Logic console, access the report you want to schedule.
- Set up the report criteria.
- Click SCHEDULE THIS REPORT to open the Schedule a Report page.
- To finish scheduling the report and building the notification rule, complete the fields as described in Scheduled Reports and Notifications.
You can also create a report schedule and notification from the Notifications page.
Notifications in your account and the accounts you manage appear on the Notifications page, available from the Manage group on the navigation menu. The Notifications page provides a centralized place for you to view, create, and manage notifications of all types.
For more information about the Notifications page and notifications management, see Manage Notifications.