Quick-start guide on configuring email alerts and reports in CYFOX. This manual will guide you through the steps needed to set up customized notifications for cybersecurity events within your organization. After following this guide, you can monitor activities effectively and receive alerts tailored to your specific needs.
Step 1: Accessing the Policy Tab
Log in to the CyFox portal.
Navigate to the Policy tab.
Step 2: Configuring Notifications
Access the Notification Tab:
Go to the Notification tab under the Policy section.
Add a Mailing Group:
Click on 'Add' to create a new mailing group.
Configure Mailing Group:
Enter the group name.
Select the desired events and engines. For example, you can choose all IDS events.
Set the frequency for receiving administrative reports (daily, weekly, or monthly).
Select the severity levels for sensor event alerts.
Choose the types of events for system inspector alerts (e.g., Malware hunter, WMI investigation, Honeypot alerts).
Save Settings:
After configuring, save the settings. You will receive a confirmation message: "Mailing group was successfully added."
Step 3: Setting Event Response Rules
Navigate to Event Response:
Go to the Event Response section under the Policy tab.
Add Rules:
Click on 'Add' to open the Add Rules tab.
Set Rule Levels:
Determine the scope of the rule:
Global: Applies organization-wide.
Group: Applies to specific predefined groups of endpoints.
Host(s): Applies to specific individual endpoints.
Select Events and Actions:
Choose the desired events (e.g., IDS).
Select the desired events from the engines.
In the action section, choose 'Send email' and press 'Add.'
By following these steps, you can configure email alerts and reports to effectively detect suspicious activities, honeypots, malware, and more in CyFox. You can customize the notifications you receive based on your policies.
Additional Information
FAQ
What types of events can I set alerts for?
You can set alerts for various events, including IDS events, malware detection, honeypot alerts, WMI investigations, and more.
How can I ensure the alerts are sent to the correct recipients?
Make sure to correctly configure the mailing group with the appropriate email addresses of the recipients.
Can I customize the frequency of the reports?
Yes, you can set the frequency to daily, weekly, or monthly according to your preference.
What should I do if I'm not receiving alerts?
Check your notification settings and ensure that the email addresses are correct. Verify that the events and actions are properly configured in the Event Response section.