Dispatching Alerts

Automated Responses

SenseDeep Responses are actions that automatically dispatch and resolve alerts. Responses may also invoke defensive countermeasures to minimize the threat to your site.

Creating Responses

You can create an automated response while dispatching an alert; the response will then handle similar alerts in the future. You can also create a response at any time via the Add Response option.

The Add Response dialog permits you to customize the response for a specific threat.

Alert Response

The created response will match a specific set of alert threats based upon the selected threat check and filter expression.

Threat Check

The threat check field is the name of the check that will scan for the threat condition. Checks are defined in SenseDeep Packages.

Filter Expression

The filter defines a JavaScript-like expression that will select matching alerts. Each alert defines a set of fields that can be used in the expression. These are displayed in the right-hand panel and are updated as you change the threat check field. For example, here are the fields available for the http-dos threat check.

Alert Fields

For example, a filter expression may look like:

region == 'us-east-1' && ip == '93.184.216.34' && url == '/admin.php'
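
The following added example (not SenseDeep code) shows how a filter of this shape selects alerts, and why a mistyped field name should be treated as an error rather than a filter that never matches. The grammar it accepts (`==`, `!=`, `&&`, `||`, single-quoted strings), the function names and the sample alerts are assumptions made for illustration; only the `region`, `ip` and `url` fields and the filter text come from this page.

```javascript
// Added example. Assumed grammar: field ==|!= 'literal', joined by && and ||.
// Not SenseDeep's expression engine; it only illustrates how a filter selects.
function tokenize(expr) {
  const re = /\s*(?:(&&|\|\||==|!=)|'([^']*)'|([A-Za-z_]\w*)|(\S))/g;
  return [...expr.matchAll(re)].map((m) => {
    if (m[4]) throw new SyntaxError(`Unexpected "${m[4]}" near offset ${m.index}`);
    if (m[1]) return { type: 'op', value: m[1] };
    if (m[2] !== undefined) return { type: 'str', value: m[2] };
    return { type: 'field', value: m[3] };
  });
}

function matchAlert(expr, alert) {
  const tokens = tokenize(expr);
  let i = 0;
  const comparison = () => {
    const [field, op, lit] = tokens.slice(i, i + 3);
    const ok = field && op && lit && field.type === 'field' && lit.type === 'str' &&
      op.type === 'op' && (op.value === '==' || op.value === '!=');
    if (!ok) throw new SyntaxError(`Expected field ==|!= 'literal' at token ${i}`);
    // A mistyped field name must fail loudly, not silently never match.
    if (!Object.prototype.hasOwnProperty.call(alert, field.value))
      throw new ReferenceError(`Alert has no field "${field.value}"`);
    i += 3;
    return (String(alert[field.value]) === lit.value) === (op.value === '==');
  };
  // Both operands are always evaluated so an unknown field is never skipped.
  const chain = (next, opValue, combine) => () => {
    let result = next();
    while (tokens[i] && tokens[i].type === 'op' && tokens[i].value === opValue) {
      i += 1;
      result = combine(result, next());
    }
    return result;
  };
  const andExpr = chain(comparison, '&&', (a, b) => a && b); // && binds tighter
  const result = chain(andExpr, '||', (a, b) => a || b)();
  if (i !== tokens.length) throw new SyntaxError(`Unexpected token at index ${i}`);
  return result;
}
// Constructed sample alerts carrying the fields used in the filter above.
const SAMPLE_ALERTS = [
  { region: 'us-east-1', ip: '93.184.216.34', url: '/admin.php' },
  { region: 'us-east-1', ip: '93.184.216.34', url: '/index.html' },
  { region: 'eu-west-1', ip: '93.184.216.34', url: '/admin.php' },
];
const FILTER = "region == 'us-east-1' && ip == '93.184.216.34' && url == '/admin.php'";
const selected = SAMPLE_ALERTS.filter((alert) => matchAlert(FILTER, alert));
console.log(selected);
```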

Defenses

When defining a response, you can associate a set of defensive countermeasures to be run when an incoming alert is dispatched. Read more in Creating Defenses.

Alert Resolution

When a response runs, it will typically resolve the alert such that the alert is moved to the Alert History and does not further impact the account security status. An unresolved alert will run nominated defenses, but it will remain in the Alert List and will still impact the account security status when calculating the Attack and Threat status. You will then need to manually resolve and dispatch the alert.


© SenseDeep® LLC. All rights reserved. Generated at 05:29:13 Sep 22, 2017.