Events & Alerts
Working mechanism of Cloud Rules
Cloud rules, whether alert rules or event rules, come in three types: builder rules, SQL rules, and placeholder rules. A SQL rule is triggered whenever incoming data matches its query, and hence we will be ...
Sample JSON alert format
The following fields are generated for all alerts: host_name, severity, description, alert_time, key, value, and metadata. The metadata field contains the fields and values generated for the alert rule other than the mandatory fields. Sample JSON { ...
Alert to list commands associated with an ssh session to a remote host
In this article we show how to configure an alert that fires whenever someone starts an SSH session from a bastion host to a remote machine. We then show how to build a context query that lists all the commands run on the remote machine by ...
Monitor files on assets by hash
This article shows how to create an alert that monitors whether files and configuration items that must be present on your assets are actually there. Create a CSV file using the following naming convention: the file's SHA-256 hash as indicator, SHA-256 as indicator_type ...
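The page's description of the CSV is cut off after the first two columns, so the following is an added example (not Uptycs code) that produces only those two: a lowercase hex SHA-256 as indicator and the literal SHA-256 as indicator_type, one row per file. The file names and contents in demo() are constructed for illustration; any further columns the article requires are unknown here and would have to be added.

```python
"""Added example (not Uptycs code): build the indicator CSV for a
file-monitoring alert from the files that must exist on an asset."""
import csv
import hashlib
import io
import os
import tempfile

CHUNK = 1 << 16  # hash in 64 KiB chunks so large binaries are not read into memory at once


def sha256_of_file(path):
    """Return the lowercase hex SHA-256 of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_indicator_rows(paths):
    """One row per regular file: hash as 'indicator', 'SHA-256' as 'indicator_type'.
    Paths that are not regular files are skipped, since there is nothing to hash."""
    rows = []
    for p in paths:
        if not os.path.isfile(p):
            print(f"skipping {p}: not a regular file")
            continue
        rows.append({"indicator": sha256_of_file(p), "indicator_type": "SHA-256"})
    return rows


def write_indicator_csv(rows, out):
    """Write the rows as CSV (header line first) to a text stream."""
    writer = csv.DictWriter(out, fieldnames=["indicator", "indicator_type"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)


def demo():
    """Constructed input (not from the page): two files in a temp dir plus one
    missing path. Returns the CSV text that would be uploaded."""
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, content in (("sshd_config", b"PermitRootLogin no\n"), ("abc.txt", b"abc")):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(content)
            paths.append(p)
        paths.append(os.path.join(d, "missing.conf"))  # deliberately absent
        buf = io.StringIO()
        write_indicator_csv(build_indicator_rows(paths), buf)
        return buf.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Hash the files on a known-good reference system, not on the asset you are about to monitor, otherwise a file that has already been tampered with simply becomes the baseline.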
Setup Alert rule context queries
Alert rule context queries provide the capability to define queries based on alert metadata. These queries can be used to retrieve additional information related to an alert. Alert rule context queries can be defined for each alert using the following ...
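The alert format and the context-query idea above, as an added example that is not Uptycs code: the mandatory field list is the one the page gives, but the sample alert, the metadata keys (pid, username, cmdline), the process_events table and its columns are constructed for illustration, and the query is plain SQLite with named parameters rather than whatever syntax the product's context queries actually use. It validates an alert, flattens its metadata into query parameters, and runs a query that pulls the commands the same user ran on the same host after the alert.

```python
"""Added example (not Uptycs code): validate an alert JSON against the
mandatory fields, then run a context query parameterised by the alert's metadata."""
import json
import sqlite3

# Fields the page lists as generated for every alert; metadata carries the rest.
MANDATORY_FIELDS = ("host_name", "severity", "description", "alert_time", "key", "value", "metadata")

# Constructed sample alert (not from the page); metadata keys are assumptions.
SAMPLE_ALERT = json.dumps({
    "host_name": "bastion-01",
    "severity": "high",
    "description": "Outbound ssh session started from bastion host",
    "alert_time": "2022-06-02T10:15:00Z",
    "key": "path",
    "value": "/usr/bin/ssh",
    "metadata": {"pid": 4242, "username": "alice", "cmdline": "ssh ops@10.0.0.5"},
})

# Constructed process telemetry the context query searches; columns are assumptions.
SAMPLE_EVENTS = [
    ("bastion-01", 4242, "alice", "ssh ops@10.0.0.5", "2022-06-02T10:15:00Z"),
    ("bastion-01", 4250, "alice", "ls -la /etc", "2022-06-02T10:15:05Z"),
    ("bastion-01", 4251, "alice", "cat /etc/shadow", "2022-06-02T10:15:09Z"),
    ("bastion-01", 5000, "bob", "id", "2022-06-02T10:16:00Z"),
    ("web-07", 4242, "alice", "uname -a", "2022-06-02T10:16:10Z"),
]


def parse_alert(raw):
    """Parse alert JSON and require every mandatory field; raises ValueError otherwise."""
    alert = json.loads(raw)
    missing = [f for f in MANDATORY_FIELDS if f not in alert]
    if missing:
        raise ValueError("alert missing mandatory fields: " + ", ".join(missing))
    if not isinstance(alert["metadata"], dict):
        raise ValueError("metadata must be a JSON object")
    return alert


def context_query_params(alert):
    """Flatten the alert for a query: top-level fields as-is, metadata keys prefixed 'metadata_'."""
    params = {f: alert[f] for f in MANDATORY_FIELDS if f != "metadata"}
    params.update({"metadata_" + k: v for k, v in alert["metadata"].items()})
    return params


# Commands the alerting user ran on the alerting host at or after the alert, excluding
# the ssh process itself. Named parameters: alert data is bound, never spliced into SQL.
CONTEXT_QUERY = """
SELECT pid, cmdline, event_time FROM process_events
WHERE host_name = :host_name
  AND username = :metadata_username
  AND event_time >= :alert_time
  AND pid != :metadata_pid
ORDER BY event_time
"""


def run_context_query(alert, events=SAMPLE_EVENTS):
    """Run CONTEXT_QUERY against an in-memory table loaded with `events`."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE process_events "
                 "(host_name TEXT, pid INTEGER, username TEXT, cmdline TEXT, event_time TEXT)")
    conn.executemany("INSERT INTO process_events VALUES (?, ?, ?, ?, ?)", events)
    rows = conn.execute(CONTEXT_QUERY, context_query_params(alert)).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    alert = parse_alert(SAMPLE_ALERT)
    for pid, cmdline, event_time in run_context_query(alert):
        print(event_time, pid, cmdline)
```

Binding metadata as parameters matters because metadata values (a cmdline, a file path) are attacker-influenced strings; building the context query by string concatenation would let a hostile process name inject into the very query an analyst runs to investigate it.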
Announcements
Release notes-Release 106069
June 2, 2022. XDR. New Feature: Global Threat Intelligence (GTI). The Uptycs GTI feature lets the Security/SOC analyst identify threat indicators such as bad IP addresses or suspicious domains, along with evidential data and insightful information from various
Release notes-Release 105051
May 15, 2022. XDR. Enhancements: Global rule exceptions can be attached to event rules and alert rules automatically based on a matching table name. For more information, see Global Rule Exceptions. Kubernetes Security Posture Management (KSPM) Enhancements
Release notes-Release 104065
April 29, 2022. SaaS. New Feature: Zero Trust Score. Capability to specify a severity for a compliance check per OS. When a compliance check runs on an endpoint, a zero trust score is calculated from the pass/fail status of the compliance check and the specified
Release notes-Release 103055
April 10, 2022. SaaS. New Feature: Exploit Tracker. New dashboards to monitor Spring Shell and Spring Cloud vulnerabilities. For more information, see Exploit Tracker. Enhancements: Bulk enable, disable, or delete Global Rule Exceptions. For more information,
Release notes-Release 102039
March 27, 2022. SaaS. New Feature: Managed Anti-virus (AV) Dashboard (Beta). Managed AV dashboards to monitor Windows Defender status and threat history of Windows endpoints. For more information, see Managed AV Dashboards. New Feature: Disk Scans (Beta)