React fast!
The most important thing is how fast you react to events as they occur!
It goes without saying that no one can react fast by merely looking at the incoming raw log data. Graphs can help; however, they are more suitable for a final analysis of events that have already occurred than for immediate action.
SECalert was initially designed to reduce the response-to-events time to zero!
Every time SECnology executes an action (launching itself, building graphs or collecting logs, for example), in interactive mode or in Job mode, SECalert watches over the process and analyses it against a predefined set of triggers. In case of a match, a predefined action or sequence of actions is executed, or the Administrator is prompted to make a decision concerning the event.
With SECalert you will always be sure not to miss an event you are waiting for or to be alerted on something you suspect to be dangerous for your security environment!
Defining Rules
A Rule can be defined as a set of triggers that, once activated, launch a series of predefined Actions. Rules can be easily customized in accordance with your needs.
Defining Actions
There are currently four types of Actions available in the SECalert module of the SECnology bundle:
- The first type is an email messaging system that is able to send one or more email messages (attachments are possible) to one or more destinations.
- The second type is a Net Send command sent to a certain IP address or to a subnetwork in broadcast mode.
- The third type is a Pop-Up message.
- The fourth type is the execution of a sequence of commands written to a .bat file.









