SECalert

A Fast Response Time

Response time to an occurring event can be critical, especially for certain events!
SECalert was designed to reduce event response time to zero! Whenever SECNOLOGY is running (e.g., building graphs or collecting events), whether in interactive mode or in Job mode, SECalert watches over the processes and analyses them against a predefined set of triggers. When a match occurs, a predefined action or sequence of actions is executed, or the Administrator is prompted to make a decision concerning the event.
With SECalert you will never miss an event and can be reassured that you will be alerted should a suspicious or dangerous event occur anywhere in your environment!





Overview




Define Rules

When SECprocess analyses an event, in interactive or batch mode, a predefined set of rules watches and analyses the process and conditionally triggers a sequence of actions. A Rule is a set of triggers that, once activated, launches a predefined set of actions.

The rules are easily customized as needed.

Automate Actions

Actions may occur simultaneously and may run external third-party applications, such as applying a configuration change to a firewall or comparing a change to a critical server.
Six types of actions are available in SECalert, enabling a wide range of responses to any event:

Send emails to one or more destinations, with attachments if needed.

Send a Net Send command to an IP address or to a sub network in broadcast mode.

Display a Pop-Up message

Write a script or a sequence of commands to a batch file

Create a file fed with dynamic parameters

Trace the alert in transparent mode

The SECalert module is a standard feature of the SECNOLOGY Platform.




