Displaying alerts on your own workstation screen can indeed be annoying. If
you have a helpdesk department in your organization that watches some kind
of alarm GUI, it is best to send the sec output alarms there (provided they
are really high-level alarms which require immediate attention). For small
companies without a 24x7 helpdesk, sending high-level alarms to cell phones
is often the only option.

Instead of sending alarms instantly to someone's phone or workstation
screen, you should also ask this question -- are the alarms important
enough to text someone immediately? For alarms which don't have that level
of urgency, you could employ the 'add' action to aggregate alarms into a
context event store, and then have a Calendar rule which reports the context
event store once a day. For example:

type=Calendar
time=0 8 * * *
desc=report alarms in context REPCONT each morning 8am
action=report REPCONT mailx -s 'alarm summary' r...@example.com; \
delete REPCONT

hope this helps,
risto
2015-10-07 12:38 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
> Hi,
>
> I want to know how you develop SEC alerts. I use notepad++ but alerts are
> getting bigger and bigger and also I have bat scripts to execute and
> sometimes it is quite annoying to work with this system. Any recommendation?
>
> Regards.
>
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
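
A fuller ruleset for the aggregation approach described in the reply above, added here as an example and not part of the original thread. The sshd pattern and the RECIPIENT@example.com address are constructed placeholders; the 'add', 'report' and 'delete' actions and the REPCONT context name are the ones the reply uses.

```conf
# Added example; the pattern and the mail recipient are constructed
# placeholders, not taken from the original post.

# Rule 1: a low-urgency alarm is not sent anywhere. Each matching line is
# appended to the event store of context REPCONT. The 'add' action creates
# the context (with an infinite lifetime) if it does not exist yet.
# %t is the textual timestamp, %s is the value of the desc field.
type=Single
ptype=RegExp
pattern=sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from ([\d.]+)
desc=ssh login failure for $1 from $2
action=add REPCONT %t: %s

# Rule 2: at 08:00 mail everything collected so far, then delete the
# context so the next day starts with an empty event store.
# context=REPCONT keeps the rule from firing (and from calling mailx)
# on days when no alarm was collected.
type=Calendar
time=0 8 * * *
context=REPCONT
desc=report alarms in context REPCONT each morning 8am
action=report REPCONT mailx -s 'alarm summary' RECIPIENT@example.com; \
       delete REPCONT
```

The event store is held in memory by the sec process, so alarms collected since the last report are lost if sec is restarted before 08:00.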