Subscribe to Event
The first step is to subscribe to an event that you are alerting on from your SIEM / monitoring technology.
- Log into your SafeTitan portal (<Domain>.safetitan.com)
- Navigate to Real-Time Integrations -> Real-Time Response Events
- Click Create a Real-Time Response Event
- Create a Real-Time response by filling out the following:
  - Trigger Type – Choose from the list (e.g., Sentinel_Alert, LogPoint_Alert, etc.).
  - Behavior – Choose from the list (e.g., Disabled firewall, Unknown USB Device, etc.).
  - Event Name – This must match the event you are sending.
- Once you have populated the required configuration, click Save.
Add Actions to your Real-Time Event
After you have created an Event, you will be presented with a grid of the created Event Subscriptions. Once an event has been saved, you can add actions to it.
- To the right of the record you have just created, select the Details button and then Action List.
- Click Create Real-Time Response Action
Configure the Actions of the Event using the following:
Action Type:
- Training - Will generate a Training Campaign for the user that triggered the action.
- Organization Message - Will email the user a pre-configured email message.
Action Level:
- Trigger Once - Will perform the action only the first time the event is triggered.
- Trigger after N events - Will trigger after the alert has reached the threshold.
- Trigger Always - Will perform the action every time the alert is triggered.
Trigger On:
- Here you can specify a particular day or days of the week, or month(s) of the year, on which the event subscription is active.
- Example: a configuration that applies the action only if the event occurs on the 10th or 23rd of every month.
Suppression Period:
- The suppression period dictates how long a cooling-off period is applied before listening for the next event. Any event that occurs within the suppression period will not be counted.
The following will be presented based on your Action Type selection:
Training - Will generate a Training Campaign for the user that triggered the action.
Select a Training Topic
Here you will be able to select the type of course (e.g., Data Protection, Email Security, etc.).
Select a Training Course
Here you will be able to choose the course based on the topic (e.g., where Data Protection is selected, you can send the GDPR training).
Training Campaign Name
Organization Message - Will email the user a pre-configured email message.
Message
Here you will be able to select the email the user will receive after committing the action.
Message Preview
Is Active
When this is set to Yes, the actions will be carried out when the Event is triggered.
CC
Click Save Event Action – You will be returned to the Actions List.
You can create additional events by repeating the above steps.
This effectively creates a subscription to a Real-Time event and associates an Action with it.
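To reason about how Action Level, Trigger On and Suppression Period combine before saving an action, the following added example (not SafeTitan code) models them over a constructed alert timeline. The function name, the level strings and the counting semantics listed in the docstring are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed alert timestamps for one user (sample data, not real logs).
EVENTS = [
    datetime(2024, 5, 10, 9, 0),
    datetime(2024, 5, 10, 9, 5),
    datetime(2024, 5, 10, 9, 40),
    datetime(2024, 5, 10, 11, 0),
    datetime(2024, 5, 11, 9, 0),
    datetime(2024, 5, 23, 9, 0),
]


def actions_fired(events, level, threshold=1,
                  suppression=timedelta(0), days_of_month=None):
    """Return the timestamps at which the action would run in this model.

    Assumed semantics (hypothetical, chosen for illustration):
      - the suppression period restarts at every counted event;
      - events on days outside days_of_month are ignored entirely;
      - "after_n" fires on the Nth counted event, then restarts its count.
    """
    fired, counted, last_counted = [], 0, None
    for ts in sorted(events):
        if days_of_month and ts.day not in days_of_month:
            continue  # Trigger On: subscription not active on this day
        if last_counted is not None and ts - last_counted < suppression:
            continue  # inside the suppression period: not counted
        last_counted = ts
        counted += 1
        if level == "always":
            fired.append(ts)
        elif level == "once" and counted == 1:
            fired.append(ts)
        elif level == "after_n" and counted == threshold:
            fired.append(ts)
            counted = 0
    return fired


if __name__ == "__main__":
    half_hour = timedelta(minutes=30)
    for level in ("once", "after_n", "always"):
        hits = actions_fired(EVENTS, level, threshold=2, suppression=half_hour)
        print(level, [t.isoformat(" ", "minutes") for t in hits])
```

With a 30-minute suppression period the 09:05 alert is never counted, so a burst of alerts from one incident produces one training assignment or message rather than several.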