
Triggers

With triggers, AccuKnox can send alerts to third-party SIEM (security information and event management) platforms and logging tools such as Slack, Splunk, Elasticsearch, CloudWatch, and Jira.

How to create a new trigger?

  1. After choosing a specific log filter on the Logs screen, click the Create Trigger button. You can either click elements directly in the log events list, search for elements directly in the filter, or use Search Filters to choose a specific log filter.

  2. Configure the required options:

Name: Define an alert trigger name.

When to initiate this trigger: Set the frequency of the trigger. You have four options: (1) Runtime, as it happens (2) Once a day (3) Once a week (4) Once a month

Define Threat Level: Define the threat level for the trigger. You have three options: (1) High (2) Medium (3) Low

Selected Filter: The log filter chosen in step 1 is populated here. You can also switch to a predefined filter here.

Notification channel: Choose the notification channel that should receive the alerts.

Note: Before selecting a notification channel, complete the integration for that channel. See the Channel Integration Guide for more context.

  3. Click the Save button to store the trigger in the database.

Manage Triggers

Triggers can be managed individually or as a group by using the checkboxes on the left side of the Triggers UI. Select an individual trigger or a group of triggers and perform actions such as enabling, disabling, or deleting.

View Trigger Details

To view a trigger's alert details, click Details in the corresponding trigger alert row. This also shows the query information of the selected trigger.

Enable/Disable Triggers

Triggers can be enabled or disabled using the slider or the Actions drop-down menu. You can perform these operations on a single trigger or on multiple triggers.

  1. From the Triggers UI, check the boxes beside the relevant triggers.

  2. Click the Actions drop-down.

  3. Click Enable or Disable as necessary.

Use the slider beside a trigger to enable or disable that individual trigger.

Edit an Existing Trigger

To edit an existing trigger alert:

  1. Click Edit from the More options icon in the right corner of the corresponding trigger alert.

  2. Edit the trigger, and click Save to confirm the changes.

Duplicate a Trigger

Triggers can be duplicated so that similar triggers can be created quickly.

  1. Click Duplicate from the More options icon in the right corner of the corresponding trigger alert.

  2. Make necessary changes and save the trigger.

Delete Trigger

Open the Triggers page and use one of the following methods to delete triggers. You can delete a single trigger or multiple triggers at once.

To delete multiple triggers:

  1. From the Triggers UI, check the boxes beside the relevant triggers.

  2. Click the Actions drop-down.

  3. Click Delete.

To delete an individual trigger, click Delete from the More options icon in the right corner of the corresponding trigger.
