Create a Security Alert Rule

Alert rules trigger alert notifications when anomalous activity is detected.

For example, suppose you want Security Monitoring and Analytics to send you a notification email when anomalous activity is detected. First, you need to create an alert rule and define its threshold values.

  1. From Security Monitoring and Analytics, click the Menu icon, top-left under the product name.
  2. Under Security Admin, select Alert Rules.
  3. Click Create Alert Rule, top-right under Alerts.
  4. Enter a name and a description.
  5. Alerts can be generated based on two severity levels (warning or critical).
    1. Select For All Threats and then choose one:
      • Warning Alert: this generates a Warning alert for all threats.
      • Critical Alert: this generates a Critical alert for all threats.
    2. Select Based on Risk Level.
      You can set thresholds for generating a warning or a critical alert based on the risk level of the threat.
      • Choose > or under operator.
      • Under Warning Threshold, select Low, Medium or High for the Threat Risk Level to generate a warning alert.
      • Under Critical Threshold, select Medium, High or Critical for the Threat Risk Level to generate a Critical alert.

    When generating alerts based on risk level, the warning threshold level (low, medium, high) must be set lower than the critical threshold level (medium, high, critical).

  6. Add email recipients for alert notifications.
  7. Click Save.
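
To see which threats a risk-level rule would alert on before saving it, the threshold logic from step 5 can be modelled as follows. This is an added example, not code from the product: it assumes the risk levels are ordered Low < Medium < High < Critical and that the > operator is a strict comparison, and all function names are hypothetical.

```python
"""Model of a risk-level alert rule (added illustration, not product code)."""

# Assumption: risk levels are ordered lowest to highest as listed in step 5.
RISK_LEVELS = ("Low", "Medium", "High", "Critical")
WARNING_CHOICES = ("Low", "Medium", "High")        # choices named in step 5
CRITICAL_CHOICES = ("Medium", "High", "Critical")  # choices named in step 5


def rank(level):
    """Position of a risk level in the assumed ordering."""
    return RISK_LEVELS.index(level)


def validate_thresholds(warning, critical):
    """Raise ValueError if the pair breaks the rule stated after step 5."""
    if warning not in WARNING_CHOICES:
        raise ValueError(f"invalid warning threshold: {warning!r}")
    if critical not in CRITICAL_CHOICES:
        raise ValueError(f"invalid critical threshold: {critical!r}")
    if rank(warning) >= rank(critical):
        raise ValueError("warning threshold must be lower than critical threshold")


def alert_for(risk, warning, critical):
    """Severity raised for one threat under the '>' operator, or None."""
    validate_thresholds(warning, critical)
    if rank(risk) > rank(critical):
        return "Critical"
    if rank(risk) > rank(warning):
        return "Warning"
    return None


def coverage(warning, critical):
    """Map every risk level to the alert it would raise under this rule."""
    return {risk: alert_for(risk, warning, critical) for risk in RISK_LEVELS}


def silent_levels(warning, critical):
    """Risk levels that raise no alert at all under this rule."""
    return [r for r, a in coverage(warning, critical).items() if a is None]


if __name__ == "__main__":
    # Constructed sample rules: every adjacent valid threshold pair.
    for w, c in (("Low", "Medium"), ("Medium", "High"), ("High", "Critical")):
        print(f"warning > {w}, critical > {c}: {coverage(w, c)}")
```

Under these assumptions, a Critical Threshold of Critical combined with > never produces a Critical alert, and threats whose risk level equals the Warning Threshold raise no alert.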