How to send emails triggered by events




Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved.

AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS

1. INTRODUCTION
2. CONCEPTS
3. REQUIREMENTS
4. HOW TO RECEIVE AN EMAIL WHEN A NORMAL EVENT OCCURS
5. HOW TO RECEIVE AN EMAIL WHEN A DIRECTIVE EVENT OCCURS

DC-00153 Edition 00 Copyright 2014 AlienVault. All rights reserved.

1. INTRODUCTION

This document describes how AlienVault USM sends emails containing previously defined alerts. These alerts are events delivered to the user by email, and each event always meets the requirements defined in a policy that has been created.

2. CONCEPTS

In AlienVault, one normalized log file entry corresponds to a single Event. There are 2 types of events: normal events and directive events.

Normal events. Events generated by external Data Sources.
Directive events. Events generated by the AlienVault Server.
Policy. A set of rules defined by a user to specify the behavior of events.

3. REQUIREMENTS

The following steps are required to receive emails when an event occurs:

1. Create a new policy.
2. Select or create a new DS Group.
3. Create an action.

4. HOW TO RECEIVE AN EMAIL WHEN A NORMAL EVENT OCCURS

1. Choose Configuration > Threat Intelligence.

2. This window includes 2 parts. The upper part, Default Policy Group, refers to normal events and the bottom part, Policies for events generated in server, refers to directive events.

3. Click on New to create a new policy and enter a policy rule name. Then, enter the conditions and the consequences. When you click on a condition or on a consequence, the corresponding tab opens.

4. Select one or more DS Groups, or insert a new one if it has not been created yet. Remove the mark on ANY to be able to select specific DS Groups. A DS Group can be created from Configuration > Threat Intelligence > Data Source or by clicking on INSERT NEW DS GROUP?.

It is recommended to define a suitable policy in order to avoid a large number of emails. It can happen that a DS Group cannot be selected.

This happens when a DS Group includes both normal events and directive events. That DS Group cannot be selected and is marked with an icon.

5. Click on Actions and insert a new action.

6. Click on INSERT NEW ACTION?. An action can also be created from Configuration > Threat Intelligence > Actions.

7. Fill out the fields and click on SAVE, then click on UPDATE POLICY.

8. Select the policy and click on Reload Policies to add the created policy. Once this button is clicked, the emails begin to be sent.

Check the Spam filter if there are no emails in your mailbox.

5. HOW TO RECEIVE AN EMAIL WHEN A DIRECTIVE EVENT OCCURS

1. Choose Configuration > Threat Intelligence.

2. This window includes 2 parts. The upper part, Default Policy Group, refers to normal events and the bottom part, Policies for events generated in server, refers to directive events.

3. Click on New to create a new policy and enter a policy rule name. Then, enter the Event Type (DS Group) and the consequences. When you click on a condition or on a consequence, the corresponding tab opens.

4. Select one or more DS Groups, or insert a new one if it has not been created yet. A DS Group can be created from Configuration > Threat Intelligence > Data Source or by clicking on INSERT NEW DS GROUP?. Make sure that only Directive events have been selected for a DS Group. If not, this new DS Group will not appear in the selector.

It is recommended to define a suitable policy in order to avoid a large number of emails.

5. Click on Actions and insert a new action by clicking on INSERT NEW ACTION?. An action can also be created from Configuration > Threat Intelligence > Actions.

6. Fill out the fields and click on SAVE.

7. Click on UPDATE POLICY.

8. Click on Reload Policies to add the created policy. Once this button is clicked, the emails begin to be sent.

Check the Spam filter if there are no emails in your mailbox.