You can configure CloudGuard Log.ic to send an alert when specific events occur in your cloud network. Log.ic monitors log information from your cloud environment in near real-time, and can generate an alert in response to an event. You (or other designated recipients) will receive this alert as an email, and will be able to respond to the event almost immediately.
To receive alerts you must first set up a Policy. The policy includes a ruleset with specific Log.ic alert definitions, which are applied to selected cloud environments (VPCs). A Notification Policy is also associated with the policy, indicating where alerts are to be sent.
In the Log.ic menu you can set up rulesets, policies, and notification policies.
- Automatic and continuous monitoring of your cloud accounts according to queries configured for your enterprise needs
- Automatic generation of near real-time alerts based on specific events and thresholds, issued to user-defined notification targets
- Built-in rulesets covering many common enterprise needs can be applied to your accounts out-of-the-box
- Navigate to the Rulesets page in the Log.ic menu.
- Select the ruleset to which the alert(s) will be added (or create a new one, using the steps above).
- Click +NEW ALERT (in the upper right).
- Enter a name and description for the alert.
- Optionally, enter remediation text for the alert, indicating what steps can be taken to resolve the issue indicated by the alert. This text will be shown on the Alerts page.
- Select the severity for the alert.
- Enter a definition for the alert. This consists of the following details:
  - The source for the alert, either VPC Flow logs (vpcfl) or CloudTrail logs
  - The GSL statement for the alert. This is similar to query statements for the Log.ic Explorer.
  - The entity on which the event occurred (source or destination). This is relevant for alerts from VPC Flow Logs only.
- Click SAVE.
A Log.ic policy consists of a ruleset (containing alert definitions), one or more cloud accounts on which the alerts will be applied, and a notification policy indicating where alert findings should be sent.
- Navigate to the Policies page in the Log.ic menu.
- Click ADD POLICY (on the right).
- Select the accounts on which the policy will apply (more than one can be selected), and then click NEXT.
- Select the rulesets for the policy from the list (more than one can be selected), and then click NEXT.
- Select the Notification policies from the list (more than one can be selected).
- Click SAVE.
Log.ic includes several built-in rulesets. These can be included in policies, and applied to your cloud accounts.
You can also create your own customized rulesets for your specific needs.
View alerts generated by Log.ic policies in the Alerts page (in the Alerts and Notifications menu). In order for alerts to be sent to the Alerts page, the notification policy attached to the policy must have this option set:
To view alerts from Log.ic on the console, navigate to the Alerts page in the Administration menu.
Select Log.ic in the Source section, in the Filter pane on the left.
See Alerts for more details about the Alerts page.
To save a query as an alert, see Create an Alert from a Query.
Log.ic includes a number of predefined (Dome9-managed) rulesets and alerts.