Subscribe to Event
The first step is to subscribe to an event that you are alerting on from you SIEM / Monitoring technology.
- Log into your SafeTitan portal (<Domain>.safetitan.com)
- Navigate to Real-Time Integrations -> Real-Time Response Events
- Click Create a Real-Time Response Event
- Create a Real-Time response by filling out the following:
- Trigger Type – Choose from the list. (E.g., Sentinel_Alert, LogPoint _Alert, Etc.)
- Behavior – Choose from the list. (E.g., Disabled firewall, Unknown USB Device, Etc.)
- Event Name – This must match the event you are sending.
- Once you have populated the required configuration click Save
Add Actions to your Real-Time Event
After you have created an Event, you will be presented with a grid of the created Event Subscriptions. Once an event has been saved you will now be able to add actions to these.
- To the right of the record you have just created, select the Details button and then Action List.
- Click Create Real-Time Response Action
Configure the Actions of the Event using the following:
- Training - Will generate a Training Campaign for the user that triggered the action.
- Organization Message - Will email the user a pre-configured email message.
- Trigger Once - Will only perform the action for the initial time the event is triggered.
- Trigger after N events - Will trigger after the alert has reached the threshold.
- Trigger Always - Will perform the action after every time the alert has been triggered.
Example: This will only apply the action if the event occurs on the 10th or 23rd of every month.
- Here you can specify a particular day or days of the week, month(s) of the year that the event subscription is active on.
- The suppression period dictates how long of a cooling off period should be applied before listening for the next event. Any event that occurs within the suppression period will not be counted.
The Following will be presented based on your Action Type selection
Training - Will generate a Training Campaign for the user that triggered the action
Select a Training Topic
Here you will be able to select the type of Course (E.g., Data Protection, Email Security, Etc.)
Select a Training Course
Here you will be able to choose the course based on the topic (E.g., Where Data Protection is selected you can send the GDPR training)
Training Campaign Name
Organization Message - Will email the user a pre-configured email message.
Here you will be able to select the email the user will receive after committing the action.
When this is set as yes, the actions will be carried out when the Event is triggered.
Click Save Event Action – You will be returned to the Actions List
You can create additional events by repeating the above steps.
This will effectively create a subscription Actions to a Real Time event and associate an Action.