Setting up alerts across the different SanerCloud tools with a subscription-enabled model involves defining the conditions that raise an alert and configuring the responses to it.
Prerequisites
- Configure your email settings before proceeding, otherwise the alerts cannot be delivered
- Choose the relevant organization associated with the account
Step 1: Access Cloud Alerts
From the side menu, click the Cloud Alerts icon. Hover over the icon to see its name.
Step 2: Enable Subscription
Subscription allows you to customize alerts according to your specific needs. You can define criteria for each tool you have subscribed to (for example, particular roles being assigned, privileged actions being taken, or changes to access permissions). The system triggers alerts when these criteria are met.
To enable subscription, turn on the slider for the tool you have subscribed to. The alert criteria relevant to that tool become available for you to update.
Step 3: Define the Alert Recipient Email IDs
Provide the email IDs that should receive the alert. You can enter one or more recipient email IDs; separate multiple addresses with commas.
Step 4: Set Up Conditions
Select the checkbox to specify the alert criteria for the tool.
Tool/Alert | Condition(s) |
---|---|
Asset Exposure | Publicly Accessible Resources, Watchlisted Resources, Newly Created Resources, Outdated Resources |
Posture Anomaly | Posture Anomaly Detection: All Anomalies and Custom Detection; Custom Detection Rules: All queries and Custom Detection Rules; High Confidence Anomalies: All anomaly rules that call for immediate attention |
Identity Entitlement Management | Compliance checks: All compliance checks, Custom checks (CIEM IDs), Inactive Users, Users with Excessive Permissions, Groups with Excessive Permissions, Roles with Excessive Permissions, Policies with Excessive Permissions, and Critical Log Activities; Log checks: Critical Log Activities |
Remediation Management | All Issues, Critical Issues |
Posture Management | All Compliance Checks, Critical and High Severity Checks, Custom Checks |
Step 5: Set Up Response
Select the checkbox to specify the automated response for the alert.
Tool | Response |
---|---|
Asset Exposure | Not Applicable |
Remediation Management | All actions, All successful actions, All failure actions, Custom Response |
Identity Entitlement Management | Not Applicable |
Posture Anomaly | All Anomalies, High Confidence Anomalies, Custom Detection |
Posture Management | Not Applicable |
Step 6: Complete Your Configuration
Click the Update button to complete your alert setup. A success message is displayed, and notifications are triggered according to your configuration.
Commonly Asked Questions
What are Alerts in SanerCloud and why are they important?
Alerts in SanerCloud notify administrators and stakeholders about specific issues or events that call for immediate attention or remediation.
What are the different types of alerts in SanerCloud?
Follow the link: Learn About the Different Types of Alerts and Their Purpose in SanerCloud
Why am I not receiving the cloud alerts even though conditions are met?
— Check that the notification recipient IDs are configured correctly
— Check that the notification recipient IDs have the appropriate permissions
— Make sure the alerting condition is configured correctly
What are the pre-built conditions provided by SanerCloud?
SanerCloud offers pre-defined alert conditions based on standard compliance frameworks (e.g., CIS, HIPAA, PCI-DSS) and general security posture checks like missing patches, unauthorized access attempts, and exposed assets.
What are the different types of alerts I can configure?
— Asset Exposure Alerts: Detect when sensitive data or systems are exposed.
— Compliance Violation Alerts: Notify when systems deviate from compliance standards.
— Patch Management Alerts: Identify missing patches or vulnerabilities.
— Posture Anomaly Alerts: Highlight deviations from expected security configurations.
— Risk Management Alerts: Detect issues, threats, or vulnerabilities that need to be addressed or fixed within a system or network.
How does the subscription-enabled model in SanerCloud affect alert configuration?
Turning on the subscription enables users to set up the required alert conditions for any SanerCloud tool.
Can I set up alerts across multiple SanerCloud tools simultaneously?
Yes, SanerCloud integrates various security tools under one dashboard, allowing centralized alert configuration across all services tied to your subscription.
Are there limitations to the number of alerts I can configure under my subscription?
This may vary based on the subscription plan you have opted for.
Can I perform patch remediation directly from an alert notification?
Users can only review the details in the alert notification; they must log into the application to take the necessary patch remediation actions.
What information can I find in the SanerCloud alert emails?
— The tool in SanerCloud that triggered the alert and the time of the activity
— A description of the specific activity detected
— Impacted Resources