Notifications

Alert Logic notifications alert you to threats, changes, and scheduled events in your environment so you can respond quickly. From the Alert Logic console, you can subscribe to:

  • Alert-based notifications: Security incident and log correlation notifications, for example, that alert you to potential threats in near real time
  • Scheduled action notifications: Notifications for the completion of a scheduled activity, such as the generation of a compliance report

When configuring your alert-based notifications, you can specify the criteria you want to focus on, such as threat levels in the high and critical categories.

You can create and subscribe to notifications for your account and the accounts you manage. Users with Administrator, Owner, or Power User roles can subscribe others to receive notifications and manage notifications created by other users in your account. For more information about user roles, see Customer Accounts, User Accounts, and User Roles.

Alert Logic supports your automation workflows. You can configure notifications to send alerts by email and to a connector like a webhook. For more information about configuring webhooks, see Webhook and Email Connectors.

Notification types

You can configure several types of notifications:

Notification creation

The process to create a notification is similar for alerts and scheduled activities, such as report generation.

To start creating an incident notification:

  1. In the Alert Logic console, click the menu icon.
  2. Click Respond, and then click Incidents to access the Incidents page.
  3. Click NOTIFICATIONS, and then click Add Notification.
  4. To finish building the notification rule, complete the fields as described in Incident Notifications.

You can also create an incident notification from the Notifications page.

To start creating a log correlation and notification:

When you create a correlation, you choose whether you want the correlation to generate an observation (meaning that Alert Logic observed an occurrence of your log correlation) or an incident, and then you can set up the notification in the next step.

  1. In the Alert Logic console, click the menu icon.
  2. Click Investigate, and then click Search to access the Log Search page.
  3. Create a valid log search query to define the correlation conditions. For more information about creating the query, see Search: Log Messages.
  4. Click the SEARCH drop-down menu below the query, and then click Create Correlation. Alert Logic adds the log search query to the correlation, which you can adjust.
  5. To finish creating the correlation and adding the notification, complete the fields as described in Correlations and Notifications.

You can also add a notification to an existing correlation and create an observation notification from the Notifications page.

To start scheduling a report and adding a notification:

  1. In the Alert Logic console, click the menu icon.
  2. Click Validate, and then click Reports to access the Reports page.
  3. Browse to the report you want to schedule.
  4. Some reports, such as the Current Vulnerability Finder, List of Vulnerabilities, and Current Vulnerabilities Breakdown, cannot be scheduled because they are tabular reports primarily downloaded as CSV files, not PDF files. If the report cannot be scheduled, the option appears grayed out.
  5. Set up the report criteria.
  6. Click SCHEDULE THIS REPORT to open the Schedule a Report page.
  7. To finish scheduling the report and building the notification rule, complete the fields as described in Scheduled Reports and Notifications.

You can also create a report schedule and notification from the Notifications page.

To schedule a FIM search and notification:

  1. In the Alert Logic console, click the menu icon.
  2. Click Manage, click Notifications, and then click Schedules.
  3. Click the add icon, and then click Schedule a FIM Search.
  4. To finish scheduling a FIM search and notification, see File Integrity Monitoring Search Notification.

Notifications management

Notifications in your account and the accounts you manage appear on the Notifications page, available from the Manage group on the navigation menu. The Notifications page provides a centralized place for you to view, create, and manage notifications of all types.

For more information about the Notifications page and notifications management, see Manage Notifications.