To create a real-time event, which you can then subscribe to for alerts, do the following:
In your SafeTitan portal, select Real-Time Integrations > Real-Time Response Events from the menu on the left.
Select Create a Realtime Response Event.
In the window that opens, complete the following fields:
Trigger type: From the dropdown list, select the type of trigger that, when performed by the user, will trigger the event.
All of the options, with the exception of User_Creation, are SIEM (Security Information and Event Management) integrations.
LogRhythm_Smart Response: The LogRhythm AlertManager sends the alert directly to SafeTitan as a log file.
LogRhthym_Email: This is an alert sent by email from LogRhythm to the SafeTitan Support Team.
Splunk_SearchAlert: The Splunk AlertManager sends the alert directly to SafeTitan as a log file.
Splunk_Email: This is an alert sent by email from Splunk to the SafeTitan Support Team.
User_Creation: This trigger type is specific to SafeTitan, whereas the others are SIEM integrations. Once the user is set up in the client's active directory and this option is selected, SafeTitan specifies what actions to take when that user triggers an event.
If you select this option, then you may want to ensure that the newly added user is automatically sent training. See Add Mandatory Training for New Users for details.
LogPoint_Alert: A SIEM event set up in LogPoint that specifies how SafeTitan should be notified if the event is triggered.
Sentinel_Alert: A SIEM event set up in Sentinel that specifies how SafeTitan should be notified if the event is triggered.
Dtex_Alert: A SIEM event set up in Dtex that specifies how SafeTitan should be notified if the event is triggered.
Behavior: From the dropdown list, select the behavior type that will trigger the alert.
Event name: Ensure that the name you enter here matches the name of the event being triggered in your SIEM technology.