
Alarm notification and reporting

The management dashboard of our XDR solution lets you define the contact points to which alert notifications are sent. For each contact point you configure the method used to deliver the notification.

Below is a screenshot showing the configuration of a contact point with email notification method:

[Screenshot: configuration of a contact point with the email notification method]

Many other notification channels are supported, such as Telegram, Slack and Discord, plus a generic Webhook that can reach any other instant messaging (IM) platform.

From the management platform it is also possible to configure alerts that monitor specific events relevant to the scenario under consideration. Each alert can be associated with a notification policy that is active on a contact point, so that when the alert fires the selected contact point is notified automatically. The contact point need not be a person: it can be another system or network device capable of reacting to the alert. With Webhooks enabled, the incident notification can be enriched with metadata and other useful information and delivered, for example, to network devices such as firewalls, which then apply countermeasures parameterized on that metadata (blocking a specific IP address).

For each alert, the notification method is configured by choosing one or more contact points. In addition, the generation of an alert in the XDR is forwarded to the other cybersecurity systems active in the infrastructure (SIEM, SOAR). Together with the notification, these systems receive a set of information (metadata) that is useful for producing a security report. The report includes all the necessary context, including a screenshot snippet of the graphical visualization of the alert that triggered the alarm. The actual generation of the report is delegated to the SOAR module, which triggers document production if it deems it appropriate.
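The two preceding paragraphs describe a Webhook contact point that drives a firewall countermeasure from alert metadata, and a parallel hand-off of the same metadata to the SIEM/SOAR for reporting. The following Python is an added example of what the receiving side of such a webhook should do before it acts; it is not code from the XDR product described on this page. Everything in it is assumed: the HMAC-SHA256 signature scheme and its shared secret, the JSON field names (`name`, `severity`, `metadata.src_ip`), the never-block address ranges and the severity threshold are illustrative choices, and the sample deliveries are constructed, not real alerts.

```python
import hashlib
import hmac
import ipaddress
import json

# Hypothetical shared secret configured on the webhook contact point (placeholder value).
WEBHOOK_SECRET = b"replace-with-contact-point-secret"

# Ranges a firewall must never block on the strength of an automated alert alone
# (assumed local policy; internal and loopback addresses go to an analyst instead).
NEVER_BLOCK = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# Only these severities justify an automatic block; lower ones are notification-only.
AUTO_BLOCK_SEVERITIES = {"high", "critical"}


def sign_payload(body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """HMAC-SHA256 over the raw body, which the sender attaches as a signature header."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(body: bytes, signature_hex: str, secret: bytes = WEBHOOK_SECRET) -> bool:
    """Constant-time comparison so the receiver cannot be probed byte by byte."""
    return hmac.compare_digest(sign_payload(body, secret), signature_hex)


def plan_countermeasure(body: bytes, signature_hex: str) -> dict:
    """Decide what the receiving device should do with one webhook delivery."""
    if not verify_signature(body, signature_hex):
        return {"action": "reject", "reason": "bad signature"}
    try:
        alert = json.loads(body)
        ip = ipaddress.ip_address(alert["metadata"]["src_ip"])
        severity = str(alert["severity"]).lower()
        name = alert["name"]
    except (ValueError, KeyError, TypeError) as exc:
        return {"action": "reject", "reason": "malformed payload: %s" % exc}
    if any(ip in net for net in NEVER_BLOCK):
        return {"action": "notify_only", "reason": "address in never-block list", "ip": str(ip)}
    if severity not in AUTO_BLOCK_SEVERITIES:
        return {"action": "notify_only", "reason": "severity below auto-block threshold", "ip": str(ip)}
    return {"action": "block", "ip": str(ip), "alert": name, "rule": "deny from %s" % ip}


def to_siem_event(body: bytes, decision: dict) -> dict:
    """Normalized record handed to the SIEM/SOAR together with the decision taken."""
    alert = json.loads(body)
    return {
        "source": "xdr",
        "alert": alert.get("name"),
        "severity": str(alert.get("severity", "")).lower(),
        "src_ip": alert.get("metadata", {}).get("src_ip"),
        "action_taken": decision["action"],
        # Assumed policy: the SOAR only produces a report for deliveries it accepted.
        "needs_report": decision["action"] != "reject",
    }


def sample_deliveries() -> dict:
    """Constructed deliveries (not real alert data) covering the interesting cases."""
    def make(alert):
        body = json.dumps(alert).encode()
        return body, sign_payload(body)

    public_high = make({"name": "ssh-bruteforce", "severity": "high",
                        "metadata": {"src_ip": "203.0.113.7"}})
    internal_high = make({"name": "lateral-movement", "severity": "critical",
                          "metadata": {"src_ip": "10.20.30.40"}})
    public_low = make({"name": "port-scan", "severity": "low",
                       "metadata": {"src_ip": "198.51.100.9"}})
    body, _ = public_high
    tampered = (body, "00" * 32)                                      # wrong signature
    junk = make({"name": "broken", "severity": "high", "metadata": {}})  # missing src_ip
    return {"public_high": public_high, "internal_high": internal_high,
            "public_low": public_low, "tampered": tampered, "junk": junk}


if __name__ == "__main__":
    for label, (body, sig) in sample_deliveries().items():
        decision = plan_countermeasure(body, sig)
        print(label, decision, to_siem_event(body, decision))
```

The point of the example is that the metadata carried by a webhook is input from another system, and the device acting on it should authenticate the message, reject anything it cannot parse, and keep a local never-block list and severity threshold so that a single alert cannot cut off internal or low-confidence addresses; the same parsed record is what gets forwarded to the SIEM/SOAR for the report.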