Watch the following video to learn about how to generate an email for an alarm in AlienVault USM Appliance:
This module will show you how to generate an automatic email when USM Appliance identifies an alarm. You may want to generate an email so you’ll be alerted to alarms even if you’re not actively monitoring USM Appliance when the alarm is raised.
First, we use the Action Menu to create the email message.
- Go to Configuration, then Threat Intelligence.
- Choose Actions.
- Click New to create a new action.
- Type a name for the action, such as “Send and email for each alarm.”
- Set the Context to identify the portion of your system for which you want to receive emails, which may simply be your entire network.
- Enter a description.
- For Type, choose “Send and email message.”
- For Condition, choose “Only if it is an alarm.”
- Enter a From email address, a To email address, and a Subject for the email.
In the Message, you can enter text, and you can also click on the Keywords above to add them to the message.
Note: Keywords will be substituted by their matching value when the email is generated. For example, SID_NAME will be substituted with the name of the alarm. It’s also useful to email the source of the alarm, which is Keyword SRC_IP, the destination, which is Keyword DST_IP, and the risk level, which is Keyword RISK.
- When done crafting the email, click Save.
Now we use the Policy Menu to add this action as a policy.
- From the Threat Intelligence menu, choose Policy.
- Under “Policies for events generated in server,” click New.
- Click the check box next to Directive Events.
- Click in the green area below Actions. Drag the Test Email action to the Active Actions section.
- Enter a Policy Rule Name.
- Click the Update Policy button.
- Under “Policies for events generated in server,” click Reload Policies.
This task is completed. This completes our session on generating an automatic email when USM Appliance identifies an alarm.