
CyTech AQUILA - Cyber Incident Management (CIM): Alert Rules

The Alert Rules section provides centralized management of alert rules assigned to various log sources. This module enables administrators and analysts to review, configure, and monitor rules that generate alerts for security and operational events.


Header Summary
  • Total Alert Rules: Displays the total number of alert rules configured in the system.
  • Active Alert Rules: Shows the number of rules currently active and monitoring events.
  • Critical Rules: Highlights the subset of rules categorized as critical, requiring immediate attention.
Search and Filter
  • The Search bar allows users to quickly locate specific alert rules by entering keywords.
  • The Filter option enables users to refine results based on categories or parameters, ensuring efficient navigation in environments with a large number of rules.
Integrations (Under Development)
  • The Integrations menu provides options for connecting alert rules with integrated platforms or data sources, ensuring seamless rule application across multiple systems.
Add Alert Rule
  • The Add Alert Rule button allows users to create new alert rules. These can be customized to monitor specific log sources, event patterns, or security indicators.


Alert Rule Listings
  • Each listed entry represents a log source with its associated rules.
  • Details include:
    • Name of the log source (e.g., APM, AWS, Active Directory, Azure).
    • Version of the rule set applied.
    • Rule count indicating the total number of rules assigned to that log source.
    • A link to View Alert Rules, which opens the detailed configuration and management interface for that specific source.


Users can also click an individual rule to see its details.


Users can also open a rule with the Edit Alert Rule button. From there they can adjust the rule's time interval, change its risk score, or change its severity.


Manage Alert Rules

The Manage Alert Rules interface provides administrators with a centralized view and management panel for alert rules assigned to a data source. This page allows users to search, filter, review, enable/disable, and monitor the execution of a specific alert rule.

Search and Filter

  • Search Bar: Provides keyword-based searching to quickly locate specific rules.
  • Filter Button: Enables refined filtering of rules based on defined criteria such as severity, status, or log type.


Global Toggle Controls

  • Display All Disable: when switched on, shows all disabled rules in the table.
  • Display All Enable: when switched on, shows all enabled rules in the table.
  • These toggles only control which rules are displayed, which keeps the table manageable in environments with large numbers of configured alerts. Individual rules are switched on or off with the per-rule toggle in the Rule Table.


Rule Table

The central section of the page displays a table containing all alert rules for the selected data source (AWS in the example shown) with associated metadata and controls. Each row corresponds to a specific rule, with the following columns:

  1. Rule
    • The rule name is hyperlinked and opens the detailed configuration page for that rule.
  2. Risk Score
    • Numerical value representing the calculated risk impact of the rule when it triggers.
  3. Last Run
    • The most recent execution time of the rule.
  4. Severity
    • Severity levels are:
      • Low (green)
      • Medium (yellow)
      • High (red)
  5. Last Response
    • The outcome of the most recent rule execution. Status values are:
      • Succeeded (green indicator)
      • Potential Failed
      • Failed
    • A rule whose last response is Failed or Potential Failed did not complete its most recent execution, so it should be checked even when it is enabled.
  6. Last Updated
    • Timestamp of the last modification to the rule.
  7. Enabled/Disabled Toggle
    • Each rule has an individual toggle that enables or disables its monitoring function.
    • Enabled rules are marked in blue; disabled rules appear in gray.
This section ensures visibility into how alerts are defined and enforced across environments. By consolidating rule management, it allows administrators to maintain consistency, identify gaps, and prioritize responses effectively.
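The columns above are what an analyst reviews when looking for gaps: enabled rules whose last execution failed or has not happened for a long time, and High-severity rules that have been switched off. The following script is an added example and is not part of CyTech AQUILA; the product page documents the table columns but no export format or API, so the script assumes a hypothetical CSV export with one column per documented field (rule, risk_score, last_run, severity, last_response, last_updated, enabled) and uses constructed sample rows. The 24-hour staleness threshold is an assumption to be aligned with each rule's time interval.

```python
"""Hygiene check over an exported alert-rule table (added example, not product code).

Assumes a hypothetical CSV export of the Manage Alert Rules table with the
documented columns. Flags enabled rules whose last response is not Succeeded,
enabled rules that have not run within a threshold, and High-severity rules
that are disabled, ordered as a work queue (severity, then risk score).
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export; the header mirrors the documented table columns.
SAMPLE_CSV = """rule,risk_score,last_run,severity,last_response,last_updated,enabled
AWS Root Account Usage,90,2025-03-01T10:00:00Z,High,Succeeded,2025-02-20T09:00:00Z,true
AWS Security Group Opened To World,70,2025-03-01T09:55:00Z,High,Failed,2025-01-15T12:00:00Z,true
AWS CloudTrail Logging Disabled,85,2025-02-20T08:00:00Z,High,Succeeded,2025-02-20T08:00:00Z,true
AWS IAM Policy Change,40,2025-03-01T10:00:00Z,Medium,Potential Failed,2025-02-28T11:00:00Z,true
AWS Console Login Without MFA,80,2025-01-05T07:00:00Z,High,Succeeded,2025-01-05T07:00:00Z,false
AWS S3 Bucket Made Public,20,2025-03-01T10:00:00Z,Low,Succeeded,2025-02-01T11:00:00Z,true
"""

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}
STALE_AFTER = timedelta(hours=24)  # assumed threshold; align with each rule's time interval


def parse_ts(value):
    """Parse a UTC timestamp of the form 2025-03-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_rules(csv_text):
    """Turn the CSV export into typed dicts, rejecting severities the UI does not define."""
    rules = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["severity"] not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {row['severity']!r} on rule {row['rule']!r}")
        rules.append({
            "rule": row["rule"],
            "risk_score": int(row["risk_score"]),
            "last_run": parse_ts(row["last_run"]),
            "severity": row["severity"],
            "last_response": row["last_response"],
            "last_updated": parse_ts(row["last_updated"]),
            "enabled": row["enabled"].strip().lower() == "true",
        })
    return rules


def find_gaps(rules, now, stale_after=STALE_AFTER):
    """Return findings for failing, stale, or wrongly disabled rules, highest priority first."""
    findings = []
    for r in rules:
        reasons = []
        if r["enabled"]:
            # Failed and Potential Failed both mean the last execution did not complete.
            if r["last_response"] != "Succeeded":
                reasons.append(f"last response {r['last_response']}")
            # An enabled rule that has not executed recently is not really monitoring.
            if now - r["last_run"] > stale_after:
                reasons.append(f"stale, last run {r['last_run'].isoformat()}")
        elif r["severity"] == "High":
            reasons.append("High severity rule is disabled")
        for reason in reasons:
            findings.append({"rule": r["rule"], "severity": r["severity"],
                             "risk_score": r["risk_score"], "reason": reason})
    # Highest severity first, then highest risk score, so the list reads as a work queue.
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], -f["risk_score"], f["rule"]))
    return findings


def run_check(csv_text=SAMPLE_CSV, now_iso="2025-03-01T12:00:00Z"):
    """Parse an export and evaluate it at a fixed 'now' so results are reproducible."""
    return find_gaps(parse_rules(csv_text), parse_ts(now_iso))


if __name__ == "__main__":
    for f in run_check():
        print(f"{f['severity']:<7}{f['risk_score']:>4}  {f['rule']}: {f['reason']}")
```

Against the constructed sample the check reports the stale CloudTrail rule, the disabled High-severity MFA rule, the Failed security-group rule and the Potential Failed IAM rule, in that order; healthy rules such as the root-account rule produce nothing. Pass a real export and the current time in place of the sample and the fixed timestamp.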

Please refer to the document from the previous sub-module: CyTech AQUILA - Cyber Incident Management (CIM): Reports

Please refer to the document for the next sub-module: CyTech AQUILA - Cyber Incident Management (CIM): Settings

If you need further assistance, kindly contact our support at support@cytechint.com for prompt assistance and guidance.