You can configure EDR to monitor critical events that satisfy the conditions specified in a rule and send you alert messages if events/incidents matching the condition are detected. The alert message will have the event details.
How to set up rule-based alerts?
Just tell us what you consider to be a significant finding or event and the mechanism in which you want to be alerted.
Step 1 - Define actions that the rule must take in response to the alert. configure rule actions to specify one or more actions to be performed when events matching a condition is detected. You can set alerts to be sent by Email, PagerDuty or Post to Slack.
Create a New Action | Manage Actions
Step 2 - Set up your rules in the Rule Manager tab. Specify which events you want to monitor, criteria for triggering the rule and actions to be taken on those events. When a rule is triggered based on a trigger criteria, EDR will send to your configured account alerts that will have details of the events.
Create a New Rule | Manage Rules
Step 3 - Monitor all the alerts that were sent after the rules were triggered
That's it! You are all set to start being alerted about your detections!
The User Activity tab lists all the remediation activities performed on the events. Know more about User Activity
