[{"data":1,"prerenderedAt":2174},["ShallowReactive",2],{"navigation":3,"/en/alert/notification-policy":411,"/en/alert/notification-policy-surround":1259},[4,218],{"title":5,"_path":6,"children":7},"En","/en",[8,29,35,67,77,87,105,130,148,155,162,178,190],{"title":9,"_path":10,"children":11},"Getting Started","/en/getting-started",[12,14,17,20,23,26],{"title":13,"_path":10},"Introduction",{"title":15,"_path":16},"Quick Start","/en/getting-started/quickstart",{"title":18,"_path":19},"Installation on Docker Standalone","/en/getting-started/dockerstandalone",{"title":21,"_path":22},"Installation on Docker Swarm","/en/getting-started/dockerswarm",{"title":24,"_path":25},"Installation on Windows","/en/getting-started/windows",{"title":27,"_path":28},"Installation on Linux","/en/getting-started/linux",{"title":30,"_path":31,"children":32},"Dashboard","/en/dashboard",[33],{"title":30,"_path":34},"/en/dashboard/dashboard",{"title":36,"_path":37,"children":38},"Datacollector","/en/datacollector",[39,42,45],{"title":40,"_path":41},"Data View","/en/datacollector/view",{"title":43,"_path":44},"Management","/en/datacollector/management",{"title":46,"_path":47,"children":48},"Vendors","/en/datacollector/vendors",[49,52,55,58,61,64],{"title":50,"_path":51},"Default Syslog Configuration","/en/datacollector/vendors/default",{"title":53,"_path":54},"FortiGate Syslog Configuration","/en/datacollector/vendors/fortigate-syslog",{"title":56,"_path":57},"Palo Alto Syslog Configuration","/en/datacollector/vendors/palo-alto-syslog",{"title":59,"_path":60},"Ruijie Syslog Configuration","/en/datacollector/vendors/ruijie-syslog",{"title":62,"_path":63},"Sophos Syslog Configuration","/en/datacollector/vendors/sophos-syslog",{"title":65,"_path":66},"SonicWall Syslog Configuration","/en/datacollector/vendors/sonicwall-syslog",{"title":68,"_path":69,"children":70},"Reports","/en/reports",[71,74],{"title":72,"_path":73},"Reports Views","/en/reports/view",{"title":75,"_path":76},"Scheduled 
Reports","/en/reports/scheduled-reports",{"title":78,"_path":79,"children":80},"Alert","/en/alert",[81,84],{"title":82,"_path":83},"Rule Management","/en/alert/rule-management",{"title":85,"_path":86},"Notification Policy","/en/alert/notification-policy",{"title":88,"_path":89,"children":90},"Hotspot","/en/hotspot",[91,93,96,99,102],{"title":13,"_path":92},"/en/hotspot/introduction",{"title":94,"_path":95},"Location","/en/hotspot/locations",{"title":97,"_path":98},"Templates","/en/hotspot/templates",{"title":100,"_path":101},"User Activity","/en/hotspot/user-stats",{"title":103,"_path":104},"Black & White List","/en/hotspot/bw-list",{"title":106,"_path":107,"children":108},"Integrations","/en/integrations",[109,112,115,118,121,124,127],{"title":110,"_path":111},"SMTP Server","/en/integrations/smtp",{"title":113,"_path":114},"SMS Provider","/en/integrations/sms",{"title":116,"_path":117},"PMS Integration","/en/integrations/pms",{"title":119,"_path":120},"LDAP Integration","/en/integrations/ldap",{"title":122,"_path":123},"API Integration","/en/integrations/api",{"title":125,"_path":126},"NTP Server Integration","/en/integrations/ntp",{"title":128,"_path":129},"Timestamp Server Integration","/en/integrations/time-stamp-server",{"title":43,"_path":131,"children":132},"/en/management",[133,136,139,142,145],{"title":134,"_path":135},"Data Management","/en/management/data-management",{"title":137,"_path":138},"Contact Management","/en/management/contact-management",{"title":140,"_path":141},"Object Management","/en/management/object",{"title":143,"_path":144},"Command Line Interface","/en/management/command-line-interface",{"title":146,"_path":147},"Disk Capacity Planning Formula","/en/management/disk-management",{"title":149,"_path":150,"children":151},"License","/en/license",[152],{"title":153,"_path":154},"License & Agents","/en/license/license",{"title":156,"_path":157,"children":158},"User 
Authentication","/en/user-authentication",[159],{"title":160,"_path":161},"User & Authentication","/en/user-authentication/user-authentication",{"title":163,"_path":164,"children":165},"System","/en/system",[166,169,172,175],{"title":167,"_path":168},"Administrator Management","/en/system/administrator",{"title":170,"_path":171},"Feature Visibility","/en/system/features-visibility",{"title":173,"_path":174},"Update","/en/system/update",{"title":176,"_path":177},"System Settings","/en/system/settings",{"title":179,"_path":180,"children":181},"Practice","/en/practice",[182,185,187],{"title":183,"_path":184},"Top Bandwidth Usage","/en/practice/topbantwidthusage",{"title":183,"_path":186},"/en/practice/most-visited-websites",{"title":188,"_path":189},"Inspect Blocked Traffic","/en/practice/inspect-blocked-traffic",{"title":191,"_path":192,"children":193},"Blog","/en/blog",[194,197,200,203,206,209,212,215],{"title":195,"_path":196},"Load Balance Configuration with Docker Swarm","/en/blog/load-balance-config",{"title":198,"_path":199},"Getting Started with the AI Module","/en/blog/ai-module",{"title":201,"_path":202},"How To Config FortiGate Syslog","/en/blog/how-to-config-fortigate-syslog",{"title":204,"_path":205},"How To Config Palo Alto Syslog","/en/blog/how-to-config-paloalto-syslog",{"title":207,"_path":208},"How To Config Sophos Syslog","/en/blog/how-to-config-sophos-syslog",{"title":210,"_path":211},"Installing MinIO on Linux Server","/en/blog/minio-install",{"title":213,"_path":214},"Docker Desktop On Windows","/en/blog/docker-desktop-on-windows",{"title":216,"_path":217},"Installing Docker on Ubuntu Server","/en/blog/docker-on-ubuntu-server",{"title":219,"_path":220,"children":221},"Tr","/tr",[222,242,247,275,284,293,310,333,350,356,361,375,387],{"title":223,"_path":224,"children":225},"Giriş","/tr/getting-started",[226,227,230,233,236,239],{"title":223,"_path":224},{"title":228,"_path":229},"Hızlı 
Başlangıç","/tr/getting-started/quickstart",{"title":231,"_path":232},"Docker Standalone Üzerine Kurulum","/tr/getting-started/dockerstandalone",{"title":234,"_path":235},"Docker Swarm Üzerinde Kurulum","/tr/getting-started/dockerswarm",{"title":237,"_path":238},"Windows'ta Kurulum","/tr/getting-started/windows",{"title":240,"_path":241},"Linux'ta Kurulum","/tr/getting-started/linux",{"title":30,"_path":243,"children":244},"/tr/dashboard",[245],{"title":30,"_path":246},"/tr/dashboard/dashboard",{"title":36,"_path":248,"children":249},"/tr/datacollector",[250,252,254],{"title":40,"_path":251},"/tr/datacollector/view",{"title":43,"_path":253},"/tr/datacollector/management",{"title":46,"_path":255,"children":256},"/tr/datacollector/vendors",[257,260,263,266,269,272],{"title":258,"_path":259},"Varsayılan Syslog Yapılandırması","/tr/datacollector/vendors/default",{"title":261,"_path":262},"FortiGate Syslog Yapılandırması","/tr/datacollector/vendors/fortigate-syslog",{"title":264,"_path":265},"Palo Alto Syslog Yapılandırması","/tr/datacollector/vendors/palo-alto-syslog",{"title":267,"_path":268},"Ruijie Syslog Yapılandırması","/tr/datacollector/vendors/ruijie-syslog",{"title":270,"_path":271},"Sophos Syslog Yapılandırması","/tr/datacollector/vendors/sophos-syslog",{"title":273,"_path":274},"SonicWall Syslog Yapılandırması","/tr/datacollector/vendors/sonicwall-syslog",{"title":68,"_path":276,"children":277},"/tr/reports",[278,281],{"title":279,"_path":280},"Rapor Görünümleri","/tr/reports/view",{"title":282,"_path":283},"Planlanmış Raporlar","/tr/reports/scheduled-reports",{"title":78,"_path":285,"children":286},"/tr/alert",[287,290],{"title":288,"_path":289},"Kural Yönetimi","/tr/alert/rule-management",{"title":291,"_path":292},"Bildirim 
Politikası","/tr/alert/notification-policy",{"title":88,"_path":294,"children":295},"/tr/hotspot",[296,298,301,304,307],{"title":223,"_path":297},"/tr/hotspot/introduction",{"title":299,"_path":300},"Konum","/tr/hotspot/locations",{"title":302,"_path":303},"Şablonlar","/tr/hotspot/templates",{"title":305,"_path":306},"Kullanıcı Etkinliği","/tr/hotspot/user-stats",{"title":308,"_path":309},"Kara ve Beyaz Liste","/tr/hotspot/bw-list",{"title":106,"_path":311,"children":312},"/tr/integrations",[313,315,318,321,324,327,330],{"title":110,"_path":314},"/tr/integrations/smtp",{"title":316,"_path":317},"SMS Sağlayıcı","/tr/integrations/sms",{"title":319,"_path":320},"Pms","/tr/integrations/pms",{"title":322,"_path":323},"LDAP Entegrasyonu","/tr/integrations/ldap",{"title":325,"_path":326},"API Entegrasyonu","/tr/integrations/api",{"title":328,"_path":329},"NTP Sunucu Entegrasyonu","/tr/integrations/ntp",{"title":331,"_path":332},"Zaman Damgası Sunucusu Entegrasyonu","/tr/integrations/time-stamp-server",{"title":43,"_path":334,"children":335},"/tr/management",[336,339,342,345,347],{"title":337,"_path":338},"Veri Yönetimi","/tr/management/data-management",{"title":340,"_path":341},"İletişim Yönetimi","/tr/management/contact-management",{"title":343,"_path":344},"Nesne Yönetimi","/tr/management/object",{"title":143,"_path":346},"/tr/management/command-line-interface",{"title":348,"_path":349},"Disk Kapasite Planlama Formülü","/tr/management/disk-management",{"title":149,"_path":351,"children":352},"/tr/license",[353],{"title":354,"_path":355},"Lisans ve Ajanlar","/tr/license/license",{"title":156,"_path":357,"children":358},"/tr/user-authentication",[359],{"title":156,"_path":360},"/tr/user-authentication/user-authentication",{"title":163,"_path":362,"children":363},"/tr/system",[364,367,370,372],{"title":365,"_path":366},"Yönetici Yönetimi","/tr/system/administrator",{"title":368,"_path":369},"Özellik 
Görünürlüğü","/tr/system/features-visibility",{"title":173,"_path":371},"/tr/system/update",{"title":373,"_path":374},"Sistem Ayarları","/tr/system/settings",{"title":179,"_path":376,"children":377},"/tr/practice",[378,381,384],{"title":379,"_path":380},"En Yüksek Bandwidth Kullanımı","/tr/practice/topbantwidthusage",{"title":382,"_path":383},"Top Bandwidth Kullanımı","/tr/practice/most-visited-websites",{"title":385,"_path":386},"Engellenen Trafiği İncele","/tr/practice/inspect-blocked-traffic",{"title":191,"_path":388,"children":389},"/tr/blog",[390,393,396,398,400,402,405,408],{"title":391,"_path":392},"Docker Swarm ile Yük Deneleme Yapılandırması","/tr/blog/load-balance-config",{"title":394,"_path":395},"AI Modülü ile Başlarken","/tr/blog/ai-module",{"title":201,"_path":397},"/tr/blog/how-to-config-fortigate-syslog",{"title":204,"_path":399},"/tr/blog/how-to-config-paloalto-syslog",{"title":207,"_path":401},"/tr/blog/how-to-config-sophos-syslog",{"title":403,"_path":404},"Minio Install","/tr/blog/minio-install",{"title":406,"_path":407},"Windows'ta Docker Desktop","/tr/blog/docker-desktop-on-windows",{"title":409,"_path":410},"Ubuntu Server'da Docker Kurulumu","/tr/blog/docker-on-ubuntu-server",{"_path":86,"_dir":412,"_draft":413,"_partial":413,"_locale":414,"title":85,"description":415,"body":416,"_type":1253,"_id":1254,"_source":1255,"_file":1256,"_stem":1257,"_extension":1258},"alert",false,"","The Notification Policy module serves as the notification management layer of the alerting system. It routes security events received from alert rules to appropriate notification channels and delivers them to designated recipients. 
It provides support for intelligent routing, rate limiting, and multi-channel notifications.",{"type":417,"children":418,"toc":1221},"root",[419,461,468,473,478,514,520,527,532,538,543,616,622,627,633,638,644,667,673,678,688,698,704,709,715,721,726,779,785,790,796,802,825,831,836,869,875,881,886,892,897,930,936,989],{"type":420,"tag":421,"props":422,"children":424},"element","callout",{"icon":423},"i-heroicons-exclamation-triangle",[425],{"type":420,"tag":426,"props":427,"children":428},"p",{},[429,432,436,438,447,449,452,453,459],{"type":430,"value":431},"text","The alert system works with SMTP or SMS system. To use the alert system, you must first configure your preferred system.",{"type":420,"tag":433,"props":434,"children":435},"br",{},[],{"type":430,"value":437},"\n👉 ",{"type":420,"tag":439,"props":440,"children":444},"a",{"href":441,"rel":442},"http://localhost:3000/en/integrations/smtp",[443],"nofollow",[445],{"type":430,"value":446},"SMTP Configuration",{"type":430,"value":448},"📩 ",{"type":420,"tag":433,"props":450,"children":451},{},[],{"type":430,"value":437},{"type":420,"tag":439,"props":454,"children":456},{"href":441,"rel":455},[443],[457],{"type":430,"value":458},"SMS Configuration",{"type":430,"value":460},"💬",{"type":420,"tag":462,"props":463,"children":465},"h2",{"id":464},"policy-management-architecture",[466],{"type":430,"value":467},"Policy Management Architecture 🏗",{"type":420,"tag":426,"props":469,"children":470},{},[471],{"type":430,"value":472},"The notification system adopts a policy-based routing approach. Each policy links specific alert rules to predefined recipient groups and communication channels. 
This design enables scalable notification management and centralized alert distribution.",{"type":420,"tag":426,"props":474,"children":475},{},[476],{"type":430,"value":477},"The policy engine operates through three core components:",{"type":420,"tag":479,"props":480,"children":481},"ul",{},[482,494,504],{"type":420,"tag":483,"props":484,"children":485},"li",{},[486,492],{"type":420,"tag":487,"props":488,"children":489},"strong",{},[490],{"type":430,"value":491},"Rule Association:",{"type":430,"value":493}," Defines which alert rules are bound to which policies.",{"type":420,"tag":483,"props":495,"children":496},{},[497,502],{"type":420,"tag":487,"props":498,"children":499},{},[500],{"type":430,"value":501},"Channel Configuration:",{"type":430,"value":503}," Enables multi-platform notification delivery mechanisms.",{"type":420,"tag":483,"props":505,"children":506},{},[507,512],{"type":420,"tag":487,"props":508,"children":509},{},[510],{"type":430,"value":511},"Recipient Management:",{"type":430,"value":513}," Manages target audience segmentation and delivery preferences.",{"type":420,"tag":462,"props":515,"children":517},{"id":516},"policy-types",[518],{"type":430,"value":519},"Policy Types 🎯",{"type":420,"tag":521,"props":522,"children":524},"h3",{"id":523},"custom-policies",[525],{"type":430,"value":526},"Custom Policies 🎨",{"type":420,"tag":426,"props":528,"children":529},{},[530],{"type":430,"value":531},"Custom policies are tailored for specific business requirements, enabling flexible notification logic. These policies support organization-specific workflows through flexible rule selection, conditional triggers, and custom recipient mapping.",{"type":420,"tag":521,"props":533,"children":535},{"id":534},"template-policies",[536],{"type":430,"value":537},"Template Policies 📌",{"type":420,"tag":426,"props":539,"children":540},{},[541],{"type":430,"value":542},"The template system provides pre-configured notification policies for common security scenarios. 
Policies are organized by category, allowing domain-specific notification templates:",{"type":420,"tag":479,"props":544,"children":545},{},[546,556,566,576,586,596,606],{"type":420,"tag":483,"props":547,"children":548},{},[549,554],{"type":420,"tag":487,"props":550,"children":551},{},[552],{"type":430,"value":553},"Authentication Security:",{"type":430,"value":555}," Notification patterns for identity-related security events.",{"type":420,"tag":483,"props":557,"children":558},{},[559,564],{"type":420,"tag":487,"props":560,"children":561},{},[562],{"type":430,"value":563},"Data Protection:",{"type":430,"value":565}," Specialized routing for data loss and unauthorized access incidents.",{"type":420,"tag":483,"props":567,"children":568},{},[569,574],{"type":420,"tag":487,"props":570,"children":571},{},[572],{"type":430,"value":573},"Executive Alerts:",{"type":430,"value":575}," Executive-level notifications for high-severity incidents.",{"type":420,"tag":483,"props":577,"children":578},{},[579,584],{"type":420,"tag":487,"props":580,"children":581},{},[582],{"type":430,"value":583},"Insider Threat Detection:",{"type":430,"value":585}," Targeted alerting for internal threat patterns.",{"type":420,"tag":483,"props":587,"children":588},{},[589,594],{"type":420,"tag":487,"props":590,"children":591},{},[592],{"type":430,"value":593},"Malware Defense:",{"type":430,"value":595}," Rapid response notifications for malware detection events.",{"type":420,"tag":483,"props":597,"children":598},{},[599,604],{"type":420,"tag":487,"props":600,"children":601},{},[602],{"type":430,"value":603},"Network Protection:",{"type":430,"value":605}," Infrastructure team notifications for network security incidents.",{"type":420,"tag":483,"props":607,"children":608},{},[609,614],{"type":420,"tag":487,"props":610,"children":611},{},[612],{"type":430,"value":613},"Web Application Security:",{"type":430,"value":615}," Development team alerting for application-layer 
attacks.",{"type":420,"tag":462,"props":617,"children":619},{"id":618},"alert-routing-engine",[620],{"type":430,"value":621},"Alert Routing Engine 🔧",{"type":420,"tag":426,"props":623,"children":624},{},[625],{"type":430,"value":626},"The policy engine performs intelligent alert routing based on multi-criteria evaluation:",{"type":420,"tag":521,"props":628,"children":630},{"id":629},"rule-association",[631],{"type":430,"value":632},"Rule Association 🤝🏼",{"type":420,"tag":426,"props":634,"children":635},{},[636],{"type":430,"value":637},"Policies consolidate multiple alert rules into a single notification stream. This ensures coordinated response to related security events and reduces notification noise.",{"type":420,"tag":521,"props":639,"children":641},{"id":640},"conditional-logic",[642],{"type":430,"value":643},"Conditional Logic 📑",{"type":420,"tag":479,"props":645,"children":646},{},[647,657],{"type":420,"tag":483,"props":648,"children":649},{},[650,655],{"type":420,"tag":487,"props":651,"children":652},{},[653],{"type":430,"value":654},"Min Score Filtering:",{"type":430,"value":656}," Policies define trigger conditions using a minimum risk score threshold, preventing unnecessary notifications for low-priority alerts.",{"type":420,"tag":483,"props":658,"children":659},{},[660,665],{"type":420,"tag":487,"props":661,"children":662},{},[663],{"type":430,"value":664},"Rate Limiting:",{"type":430,"value":666}," Configurable thresholds and time windows prevent notification flooding and maintain system stability during high-volume alert generation.",{"type":420,"tag":521,"props":668,"children":670},{"id":669},"multi-channel-notification",[671],{"type":430,"value":672},"Multi-Channel Notification 📢",{"type":420,"tag":426,"props":674,"children":675},{},[676],{"type":430,"value":677},"Supported 
Channels:",{"type":420,"tag":426,"props":679,"children":680},{},[681,686],{"type":420,"tag":487,"props":682,"children":683},{},[684],{"type":430,"value":685},"SMS:",{"type":430,"value":687}," GSM infrastructure integration for real-time mobile alerts",{"type":420,"tag":426,"props":689,"children":690},{},[691,696],{"type":420,"tag":487,"props":692,"children":693},{},[694],{"type":430,"value":695},"Email:",{"type":430,"value":697}," Rich alert details with attachment support",{"type":420,"tag":521,"props":699,"children":701},{"id":700},"channel-strategy",[702],{"type":430,"value":703},"Channel Strategy 📺",{"type":420,"tag":426,"props":705,"children":706},{},[707],{"type":430,"value":708},"The multi-channel strategy ensures delivery redundancy and recipient preference optimization. Critical alerts are delivered simultaneously across multiple channels, while routine notifications follow preferred channels.",{"type":420,"tag":462,"props":710,"children":712},{"id":711},"recipient-management",[713],{"type":430,"value":714},"Recipient Management 📥",{"type":420,"tag":521,"props":716,"children":718},{"id":717},"recipient-categories-️",[719],{"type":430,"value":720},"Recipient Categories 🏷️",{"type":420,"tag":426,"props":722,"children":723},{},[724],{"type":430,"value":725},"The system supports role-based recipient categorization, including:",{"type":420,"tag":479,"props":727,"children":728},{},[729,739,749,759,769],{"type":420,"tag":483,"props":730,"children":731},{},[732,737],{"type":420,"tag":487,"props":733,"children":734},{},[735],{"type":430,"value":736},"Security Operations:",{"type":430,"value":738}," SOC team members and security analysts",{"type":420,"tag":483,"props":740,"children":741},{},[742,747],{"type":420,"tag":487,"props":743,"children":744},{},[745],{"type":430,"value":746},"Identity Management:",{"type":430,"value":748}," Teams responsible for identity governance and access 
control",{"type":420,"tag":483,"props":750,"children":751},{},[752,757],{"type":420,"tag":487,"props":753,"children":754},{},[755],{"type":430,"value":756},"Application Security:",{"type":430,"value":758}," Developers and DevSecOps teams",{"type":420,"tag":483,"props":760,"children":761},{},[762,767],{"type":420,"tag":487,"props":763,"children":764},{},[765],{"type":430,"value":766},"Executive Level:",{"type":430,"value":768}," C-level executives and security leadership",{"type":420,"tag":483,"props":770,"children":771},{},[772,777],{"type":420,"tag":487,"props":773,"children":774},{},[775],{"type":430,"value":776},"Infrastructure Teams:",{"type":430,"value":778}," Network operations and system administrators",{"type":420,"tag":521,"props":780,"children":782},{"id":781},"dynamic-recipient-selection",[783],{"type":430,"value":784},"Dynamic Recipient Selection ☰",{"type":420,"tag":426,"props":786,"children":787},{},[788],{"type":430,"value":789},"The policy engine performs context-aware recipient selection, dynamically determining the appropriate recipients based on alert type, severity level, and business impact.",{"type":420,"tag":462,"props":791,"children":793},{"id":792},"policy-configuration-️",[794],{"type":430,"value":795},"Policy Configuration ⚙️",{"type":420,"tag":521,"props":797,"children":799},{"id":798},"rate-limiting-controls",[800],{"type":430,"value":801},"Rate Limiting Controls 🚧",{"type":420,"tag":479,"props":803,"children":804},{},[805,815],{"type":420,"tag":483,"props":806,"children":807},{},[808,813],{"type":420,"tag":487,"props":809,"children":810},{},[811],{"type":430,"value":812},"Threshold Configuration:",{"type":430,"value":814}," Defines the maximum number of notifications within a specific time window.",{"type":420,"tag":483,"props":816,"children":817},{},[818,823],{"type":420,"tag":487,"props":819,"children":820},{},[821],{"type":430,"value":822},"Window Management:",{"type":430,"value":824}," Prevents notification bursts through 
time-based rate limiting.",{"type":420,"tag":521,"props":826,"children":828},{"id":827},"delivery-optimization-ᯓ",[829],{"type":430,"value":830},"Delivery Optimization ᯓ➤",{"type":420,"tag":426,"props":832,"children":833},{},[834],{"type":430,"value":835},"Policies optimize notification delivery through:",{"type":420,"tag":479,"props":837,"children":838},{},[839,849,859],{"type":420,"tag":483,"props":840,"children":841},{},[842,847],{"type":420,"tag":487,"props":843,"children":844},{},[845],{"type":430,"value":846},"Priority-based Routing:",{"type":430,"value":848}," Expedited delivery for high-severity alerts",{"type":420,"tag":483,"props":850,"children":851},{},[852,857],{"type":420,"tag":487,"props":853,"children":854},{},[855],{"type":430,"value":856},"Batch Processing:",{"type":430,"value":858}," Efficient batch delivery for low-priority alerts",{"type":420,"tag":483,"props":860,"children":861},{},[862,867],{"type":420,"tag":487,"props":863,"children":864},{},[865],{"type":430,"value":866},"Delivery Confirmation:",{"type":430,"value":868}," Acknowledgment requirements for critical notifications",{"type":420,"tag":462,"props":870,"children":872},{"id":871},"integration-architecture",[873],{"type":430,"value":874},"Integration Architecture 🏗",{"type":420,"tag":521,"props":876,"children":878},{"id":877},"alert-system-integration",[879],{"type":430,"value":880},"Alert System Integration❗",{"type":420,"tag":426,"props":882,"children":883},{},[884],{"type":430,"value":885},"Notification policies are tightly integrated with the alert rule engine. 
Triggering events automatically invoke policy evaluation and initiate the corresponding notification workflow.",{"type":420,"tag":521,"props":887,"children":889},{"id":888},"external-system-integration",[890],{"type":430,"value":891},"External System Integration 🔌",{"type":420,"tag":426,"props":893,"children":894},{},[895],{"type":430,"value":896},"Native integration with communication platforms through:",{"type":420,"tag":479,"props":898,"children":899},{},[900,910,920],{"type":420,"tag":483,"props":901,"children":902},{},[903,908],{"type":420,"tag":487,"props":904,"children":905},{},[906],{"type":430,"value":907},"Webhook Support:",{"type":430,"value":909}," HTTP webhook delivery for custom integrations",{"type":420,"tag":483,"props":911,"children":912},{},[913,918],{"type":420,"tag":487,"props":914,"children":915},{},[916],{"type":430,"value":917},"API Connectivity:",{"type":430,"value":919}," RESTful API integration with third-party systems",{"type":420,"tag":483,"props":921,"children":922},{},[923,928],{"type":420,"tag":487,"props":924,"children":925},{},[926],{"type":430,"value":927},"Message Formatting:",{"type":430,"value":929}," Platform-specific message formatting for optimal delivery",{"type":420,"tag":462,"props":931,"children":933},{"id":932},"use-cases-️",[934],{"type":430,"value":935},"Use Cases ✍️",{"type":420,"tag":479,"props":937,"children":938},{},[939,949,959,969,979],{"type":420,"tag":483,"props":940,"children":941},{},[942,947],{"type":420,"tag":487,"props":943,"children":944},{},[945],{"type":430,"value":946},"Incident Response Automation:",{"type":430,"value":948}," Rapid response team activation via automated notification cascades for critical events.",{"type":420,"tag":483,"props":950,"children":951},{},[952,957],{"type":420,"tag":487,"props":953,"children":954},{},[955],{"type":430,"value":956},"Compliance Reporting:",{"type":430,"value":958}," Automated stakeholder notifications and audit trail generation for regulatory 
compliance.",{"type":420,"tag":483,"props":960,"children":961},{},[962,967],{"type":420,"tag":487,"props":963,"children":964},{},[965],{"type":430,"value":966},"Operational Monitoring:",{"type":430,"value":968}," Proactive notifications for infrastructure and application health.",{"type":420,"tag":483,"props":970,"children":971},{},[972,977],{"type":420,"tag":487,"props":973,"children":974},{},[975],{"type":430,"value":976},"Executive Dashboards:",{"type":430,"value":978}," Summarized alerts focused on high-level security posture for executive visibility.",{"type":420,"tag":483,"props":980,"children":981},{},[982,987],{"type":420,"tag":487,"props":983,"children":984},{},[985],{"type":430,"value":986},"Cross-Functional Coordination:",{"type":430,"value":988}," Coordinated notifications to multiple departments for optimized organizational response to security events.",{"type":420,"tag":990,"props":991,"children":995},"u-card",{"className":992},[993,994],"mt-4:bg-gray-100","dark:bg-gray-800",[996,1002,1015,1021,1026,1139,1149,1153,1159,1164],{"type":420,"tag":462,"props":997,"children":999},{"id":998},"how-to-use",[1000],{"type":430,"value":1001},"How To Use ? 
🤔",{"type":420,"tag":426,"props":1003,"children":1004},{},[1005,1007],{"type":430,"value":1006},"To create a policy on the Alert page, go to ",{"type":420,"tag":1008,"props":1009,"children":1012},"u-badge",{"color":1010,"variant":1011},"primary","soft",[1013],{"type":430,"value":1014},"Alert > Notification Policy",{"type":420,"tag":521,"props":1016,"children":1018},{"id":1017},"create-custom-policy",[1019],{"type":430,"value":1020},"Create Custom Policy",{"type":420,"tag":426,"props":1022,"children":1023},{},[1024],{"type":430,"value":1025},"Follow the steps below to create a custom policy:",{"type":420,"tag":479,"props":1027,"children":1028},{},[1029,1048,1067,1093,1112],{"type":420,"tag":483,"props":1030,"children":1031},{},[1032,1034,1039,1041,1046],{"type":430,"value":1033},"Go to ",{"type":420,"tag":1008,"props":1035,"children":1036},{"color":1010,"variant":1011},[1037],{"type":430,"value":1038},"Create New > Create Custom > Custom Rule",{"type":430,"value":1040}," and then click the ",{"type":420,"tag":1008,"props":1042,"children":1043},{"color":1010,"variant":1011},[1044],{"type":430,"value":1045},"Add",{"type":430,"value":1047}," button.",{"type":420,"tag":483,"props":1049,"children":1050},{},[1051,1053,1058,1060,1065],{"type":430,"value":1052},"Write a ",{"type":420,"tag":1008,"props":1054,"children":1055},{"color":1010,"variant":1011},[1056],{"type":430,"value":1057},"Policy name",{"type":430,"value":1059}," and then select a rule from the ",{"type":420,"tag":1008,"props":1061,"children":1062},{"color":1010,"variant":1011},[1063],{"type":430,"value":1064},"Policy Rules",{"type":430,"value":1066}," menu.",{"type":420,"tag":483,"props":1068,"children":1069},{},[1070,1072,1077,1079,1084,1086,1091],{"type":430,"value":1071},"Enter the ",{"type":420,"tag":1008,"props":1073,"children":1074},{"color":1010,"variant":1011},[1075],{"type":430,"value":1076},"Threshold",{"type":430,"value":1078}," and 
",{"type":420,"tag":1008,"props":1080,"children":1081},{"color":1010,"variant":1011},[1082],{"type":430,"value":1083},"Window",{"type":430,"value":1085}," values from the ",{"type":420,"tag":1008,"props":1087,"children":1088},{"color":1010,"variant":1011},[1089],{"type":430,"value":1090},"Rate Limit",{"type":430,"value":1092}," menu below.",{"type":420,"tag":483,"props":1094,"children":1095},{},[1096,1098,1103,1105,1110],{"type":430,"value":1097},"From the ",{"type":420,"tag":1008,"props":1099,"children":1100},{"color":1010,"variant":1011},[1101],{"type":430,"value":1102},"Conditions",{"type":430,"value":1104}," menu, select the ",{"type":420,"tag":1008,"props":1106,"children":1107},{"color":1010,"variant":1011},[1108],{"type":430,"value":1109},"score",{"type":430,"value":1111}," at which the Notification will be triggered.",{"type":420,"tag":483,"props":1113,"children":1114},{},[1115,1117,1122,1123,1128,1130,1134,1136],{"type":430,"value":1116},"Finally, enter ",{"type":420,"tag":1008,"props":1118,"children":1119},{"color":1010,"variant":1011},[1120],{"type":430,"value":1121},"Recipients",{"type":430,"value":1078},{"type":420,"tag":1008,"props":1124,"children":1125},{"color":1010,"variant":1011},[1126],{"type":430,"value":1127},"Channels",{"type":430,"value":1129}," to which the Notification will be sent. 
Click the ",{"type":420,"tag":1008,"props":1131,"children":1132},{"color":1010,"variant":1011},[1133],{"type":430,"value":1045},{"type":430,"value":1135}," button and save.\n   ",{"type":420,"tag":433,"props":1137,"children":1138},{},[],{"type":420,"tag":426,"props":1140,"children":1141},{},[1142,1147],{"type":420,"tag":487,"props":1143,"children":1144},{},[1145],{"type":430,"value":1146},"For Example:",{"type":430,"value":1148},"\nIn this example, when failed SSH attempts within 60 seconds are repeated 15 times within 1 hour and reach a score of 70, the SOC analyst team is notified via SMS.",{"type":420,"tag":1150,"props":1151,"children":1152},"siem-notification-builder",{},[],{"type":420,"tag":521,"props":1154,"children":1156},{"id":1155},"create-from-template",[1157],{"type":430,"value":1158},"Create From Template",{"type":420,"tag":426,"props":1160,"children":1161},{},[1162],{"type":430,"value":1163},"Follow the steps below to create a new policy from a ready-made template:",{"type":420,"tag":479,"props":1165,"children":1166},{},[1167,1190],{"type":420,"tag":483,"props":1168,"children":1169},{},[1170,1171,1176,1178,1183,1185,1189],{"type":430,"value":1033},{"type":420,"tag":1008,"props":1172,"children":1173},{"color":1010,"variant":1011},[1174],{"type":430,"value":1175},"Create New > Create from template",{"type":430,"value":1177},".",{"type":420,"tag":1008,"props":1179,"children":1180},{"color":1010,"variant":1011},[1181],{"type":430,"value":1182},"The Rule Templates",{"type":430,"value":1184}," page opens. Select the template you need from this page and click the ",{"type":420,"tag":1008,"props":1186,"children":1187},{"color":1010,"variant":1011},[1188],{"type":430,"value":1045},{"type":430,"value":1047},{"type":420,"tag":483,"props":1191,"children":1192},{},[1193,1195,1199,1201],{"type":430,"value":1194},"The predefined rule template will appear in detail. 
You can edit it on this page if you want or you can leave it as default and click the ",{"type":420,"tag":1008,"props":1196,"children":1197},{"color":1010,"variant":1011},[1198],{"type":430,"value":1045},{"type":430,"value":1200}," button.\n",{"type":420,"tag":421,"props":1202,"children":1203},{"icon":423},[1204],{"type":420,"tag":426,"props":1205,"children":1206},{},[1207,1209,1216,1218],{"type":430,"value":1208},"After finishing the rule definitions in the Alert module, you need to bind the alerts to a policy in the notification policy section. Go to the ",{"type":420,"tag":439,"props":1210,"children":1213},{"href":1211,"rel":1212},"http://localhost:3000/en/alert/notification-policy",[443],[1214],{"type":430,"value":1215},"notification policy",{"type":430,"value":1217}," document for these operations.",{"type":420,"tag":433,"props":1219,"children":1220},{},[],{"title":414,"searchDepth":1222,"depth":1222,"links":1223},2,[1224,1225,1230,1236,1240,1244,1248,1249],{"id":464,"depth":1222,"text":467},{"id":516,"depth":1222,"text":519,"children":1226},[1227,1229],{"id":523,"depth":1228,"text":526},3,{"id":534,"depth":1228,"text":537},{"id":618,"depth":1222,"text":621,"children":1231},[1232,1233,1234,1235],{"id":629,"depth":1228,"text":632},{"id":640,"depth":1228,"text":643},{"id":669,"depth":1228,"text":672},{"id":700,"depth":1228,"text":703},{"id":711,"depth":1222,"text":714,"children":1237},[1238,1239],{"id":717,"depth":1228,"text":720},{"id":781,"depth":1228,"text":784},{"id":792,"depth":1222,"text":795,"children":1241},[1242,1243],{"id":798,"depth":1228,"text":801},{"id":827,"depth":1228,"text":830},{"id":871,"depth":1222,"text":874,"children":1245},[1246,1247],{"id":877,"depth":1228,"text":880},{"id":888,"depth":1228,"text":891},{"id":932,"depth":1222,"text":935},{"id":998,"depth":1222,"text":1001,"children":1250},[1251,1252],{"id":1017,"depth":1228,"text":1020},{"id":1155,"depth":1228,"text":1158},"markdown","content:en:5.alert:2.notification-policy.md","content","
en/5.alert/2.notification-policy.md","en/5.alert/2.notification-policy","md",[1260,1985],{"_path":83,"_dir":412,"_draft":413,"_partial":413,"_locale":414,"title":82,"description":1261,"body":1262,"_type":1253,"_id":1982,"_source":1255,"_file":1983,"_stem":1984,"_extension":1258},"This section provides information about the use of Alert notifications in the Logger software.",{"type":417,"children":1263,"toc":1964},[1264,1270,1275,1281,1287,1292,1355,1361,1366,1399,1405,1410,1433,1439,1472,1478,1483,1490,1533,1539,1544,1587,1592,1598,1603,1634,1640,1645,1664,1669,1673,1712],{"type":420,"tag":462,"props":1265,"children":1267},{"id":1266},"what-is-alert-module-️",[1268],{"type":430,"value":1269},"What Is Alert Module ? 🤷‍♂️",{"type":420,"tag":426,"props":1271,"children":1272},{},[1273],{"type":430,"value":1274},"Alert module is the real-time threat detection and warning component of the network SIEM system. It analyzes multi-source log data using a rule-based detection engine and detects security events according to predefined rules.",{"type":420,"tag":462,"props":1276,"children":1278},{"id":1277},"rule-management",[1279],{"type":430,"value":1280},"Rule Management 👨‍💼",{"type":420,"tag":521,"props":1282,"children":1284},{"id":1283},"rule-categories-️",[1285],{"type":430,"value":1286},"Rule Categories 🏷️",{"type":420,"tag":426,"props":1288,"children":1289},{},[1290],{"type":430,"value":1291},"Alert module uses a rule structure categorized according to security scenarios:",{"type":420,"tag":479,"props":1293,"children":1294},{},[1295,1305,1315,1325,1335,1345],{"type":420,"tag":483,"props":1296,"children":1297},{},[1298,1303],{"type":420,"tag":487,"props":1299,"children":1300},{},[1301],{"type":430,"value":1302},"Network Security:",{"type":430,"value":1304}," Network anomaly and attack pattern detection",{"type":420,"tag":483,"props":1306,"children":1307},{},[1308,1313],{"type":420,"tag":487,"props":1309,"children":1310},{},[1311],{"type":430,"value":1312},"Data Leakage 
Prevention:",{"type":430,"value":1314}," Data leakage and unauthorized data transfer detection",{"type":420,"tag":483,"props":1316,"children":1317},{},[1318,1323],{"type":420,"tag":487,"props":1319,"children":1320},{},[1321],{"type":430,"value":1322},"Insider Threats:",{"type":430,"value":1324}," Insider threat and reconnaissance activity detection",{"type":420,"tag":483,"props":1326,"children":1327},{},[1328,1333],{"type":420,"tag":487,"props":1329,"children":1330},{},[1331],{"type":430,"value":1332},"Authentication & Access:",{"type":430,"value":1334}," Authentication anomaly and privilege escalation detection",{"type":420,"tag":483,"props":1336,"children":1337},{},[1338,1343],{"type":420,"tag":487,"props":1339,"children":1340},{},[1341],{"type":430,"value":1342},"Malware & Threats:",{"type":430,"value":1344}," Malware communication and suspicious process detection",{"type":420,"tag":483,"props":1346,"children":1347},{},[1348,1353],{"type":420,"tag":487,"props":1349,"children":1350},{},[1351],{"type":430,"value":1352},"Custom Rule:",{"type":430,"value":1354}," You can create categories manually",{"type":420,"tag":521,"props":1356,"children":1358},{"id":1357},"rule-status",[1359],{"type":430,"value":1360},"Rule Status ၊၊||၊",{"type":420,"tag":426,"props":1362,"children":1363},{},[1364],{"type":430,"value":1365},"Rules can exist in three basic states:",{"type":420,"tag":479,"props":1367,"children":1368},{},[1369,1379,1389],{"type":420,"tag":483,"props":1370,"children":1371},{},[1372,1377],{"type":420,"tag":487,"props":1373,"children":1374},{},[1375],{"type":430,"value":1376},"Active:",{"type":430,"value":1378}," Rule is actively monitoring",{"type":420,"tag":483,"props":1380,"children":1381},{},[1382,1387],{"type":420,"tag":487,"props":1383,"children":1384},{},[1385],{"type":430,"value":1386},"Inactive:",{"type":430,"value":1388}," Rule defined but not 
working",{"type":420,"tag":483,"props":1390,"children":1391},{},[1392,1397],{"type":420,"tag":487,"props":1393,"children":1394},{},[1395],{"type":430,"value":1396},"Template:",{"type":430,"value":1398}," Ready-made template, ready to customize",{"type":420,"tag":521,"props":1400,"children":1402},{"id":1401},"template-system",[1403],{"type":430,"value":1404},"Template System 📌",{"type":420,"tag":426,"props":1406,"children":1407},{},[1408],{"type":430,"value":1409},"The template system provides a collection of ready-made rules that reflect the best practices of the security community. Its template:",{"type":420,"tag":479,"props":1411,"children":1412},{},[1413,1418,1423,1428],{"type":420,"tag":483,"props":1414,"children":1415},{},[1416],{"type":430,"value":1417},"Optimized vendor-specific log format",{"type":420,"tag":483,"props":1419,"children":1420},{},[1421],{"type":430,"value":1422},"Comes with pre-configured risk scoring",{"type":420,"tag":483,"props":1424,"children":1425},{},[1426],{"type":430,"value":1427},"Includes production-ready sensing logic",{"type":420,"tag":483,"props":1429,"children":1430},{},[1431],{"type":430,"value":1432},"Ready for immediate deployment",{"type":420,"tag":521,"props":1434,"children":1436},{"id":1435},"template-examples-️",[1437],{"type":430,"value":1438},"Template Examples ✍️",{"type":420,"tag":479,"props":1440,"children":1441},{},[1442,1452,1462],{"type":420,"tag":483,"props":1443,"children":1444},{},[1445,1450],{"type":420,"tag":487,"props":1446,"children":1447},{},[1448],{"type":430,"value":1449},"AnomalousAPI:",{"type":430,"value":1451}," Detects API abuse patterns. 
Captures excessive API call frequency, unusual endpoint access and potential scraping activities",{"type":420,"tag":483,"props":1453,"children":1454},{},[1455,1460],{"type":420,"tag":487,"props":1456,"children":1457},{},[1458],{"type":430,"value":1459},"ConsistentBeaconing:",{"type":430,"value":1461}," Detects regular network connectivity patterns that indicate malware command and control communications",{"type":420,"tag":483,"props":1463,"children":1464},{},[1465,1470],{"type":420,"tag":487,"props":1466,"children":1467},{},[1468],{"type":430,"value":1469},"ExcessiveFileDownloads:",{"type":430,"value":1471}," Monitors data hoarding and unauthorized bulk data collection activities",{"type":420,"tag":521,"props":1473,"children":1475},{"id":1474},"custom-rule-engine",[1476],{"type":430,"value":1477},"Custom Rule Engine 🔧",{"type":420,"tag":426,"props":1479,"children":1480},{},[1481],{"type":430,"value":1482},"The custom rule engine offers a comprehensive configuration interface for flexible rule creation.",{"type":420,"tag":1484,"props":1485,"children":1487},"h4",{"id":1486},"rule-components",[1488],{"type":430,"value":1489},"Rule Components 🔩",{"type":420,"tag":479,"props":1491,"children":1492},{},[1493,1503,1513,1523],{"type":420,"tag":483,"props":1494,"children":1495},{},[1496,1501],{"type":420,"tag":487,"props":1497,"children":1498},{},[1499],{"type":430,"value":1500},"Basic Configuration:",{"type":430,"value":1502}," Basic definition is made with rule name, description and source selection. Source selection determines which vendor log flows will be analyzed.",{"type":420,"tag":483,"props":1504,"children":1505},{},[1506,1511],{"type":420,"tag":487,"props":1507,"children":1508},{},[1509],{"type":430,"value":1510},"Risk Scoring:",{"type":430,"value":1512}," Dynamic scoring system between 1-10. 
Score determines alert priority and response strategy.",{"type":420,"tag":483,"props":1514,"children":1515},{},[1516,1521],{"type":420,"tag":487,"props":1517,"children":1518},{},[1519],{"type":430,"value":1520},"Column Filters:",{"type":430,"value":1522}," Multi-conditional filtering system. Complex condition sets can be created with logical operators.",{"type":420,"tag":483,"props":1524,"children":1525},{},[1526,1531],{"type":420,"tag":487,"props":1527,"children":1528},{},[1529],{"type":430,"value":1530},"Aggregation Operations:",{"type":430,"value":1532}," Time window based calculations. Trend analysis is done with operations such as count, sum, average.",{"type":420,"tag":521,"props":1534,"children":1536},{"id":1535},"filter-system-️",[1537],{"type":430,"value":1538},"Filter System 🌪️",{"type":420,"tag":426,"props":1540,"children":1541},{},[1542],{"type":430,"value":1543},"The filter engine uses field-based conditional logic:",{"type":420,"tag":479,"props":1545,"children":1546},{},[1547,1557,1567,1577],{"type":420,"tag":483,"props":1548,"children":1549},{},[1550,1555],{"type":420,"tag":487,"props":1551,"children":1552},{},[1553],{"type":430,"value":1554},"Equal/Inequal:",{"type":430,"value":1556}," Exact match conditions",{"type":420,"tag":483,"props":1558,"children":1559},{},[1560,1565],{"type":420,"tag":487,"props":1561,"children":1562},{},[1563],{"type":430,"value":1564},"Includes/Excludes:",{"type":430,"value":1566}," Pattern matching",{"type":420,"tag":483,"props":1568,"children":1569},{},[1570,1575],{"type":420,"tag":487,"props":1571,"children":1572},{},[1573],{"type":430,"value":1574},"Empty/Not Empty:",{"type":430,"value":1576}," Field entity validation",{"type":420,"tag":483,"props":1578,"children":1579},{},[1580,1585],{"type":420,"tag":487,"props":1581,"children":1582},{},[1583],{"type":430,"value":1584},"Bigger/Smaller:",{"type":430,"value":1586}," Numerical 
comparisons",{"type":420,"tag":426,"props":1588,"children":1589},{},[1590],{"type":430,"value":1591},"Multiple filters can be combined with AND/OR logic.",{"type":420,"tag":521,"props":1593,"children":1595},{"id":1594},"aggregation-engine",[1596],{"type":430,"value":1597},"Aggregation Engine 🔗",{"type":420,"tag":426,"props":1599,"children":1600},{},[1601],{"type":430,"value":1602},"Aggregation engine for time series analysis:",{"type":420,"tag":426,"props":1604,"children":1605},{},[1606,1611,1613,1618,1620,1625,1627,1632],{"type":420,"tag":487,"props":1607,"children":1608},{},[1609],{"type":430,"value":1610},"Time Windows:",{"type":430,"value":1612}," Configurable analysis periods\n",{"type":420,"tag":487,"props":1614,"children":1615},{},[1616],{"type":430,"value":1617},"Totalizer Functions:",{"type":430,"value":1619}," Count, sum, average, min, max operations\n",{"type":420,"tag":487,"props":1621,"children":1622},{},[1623],{"type":430,"value":1624},"Grouping Fields:",{"type":430,"value":1626}," Field-based grouping for event categorization\n",{"type":420,"tag":487,"props":1628,"children":1629},{},[1630],{"type":430,"value":1631},"Threshold Conditions:",{"type":430,"value":1633}," Numerical thresholds for trigger points",{"type":420,"tag":462,"props":1635,"children":1637},{"id":1636},"alert-processing",[1638],{"type":430,"value":1639},"Alert Processing❗",{"type":420,"tag":426,"props":1641,"children":1642},{},[1643],{"type":430,"value":1644},"The alert processing pipeline operates in three stages:",{"type":420,"tag":1646,"props":1647,"children":1648},"ol",{},[1649,1654,1659],{"type":420,"tag":483,"props":1650,"children":1651},{},[1652],{"type":430,"value":1653},"Event Retrieval Multi-source log collection and normalization",{"type":420,"tag":483,"props":1655,"children":1656},{},[1657],{"type":430,"value":1658},"Rule Evaluation: Real-time rule matching and condition 
checking",{"type":420,"tag":483,"props":1660,"children":1661},{},[1662],{"type":430,"value":1663},"Alert Generation: Risk scoring and notification triggering",{"type":420,"tag":426,"props":1665,"children":1666},{},[1667],{"type":430,"value":1668},"The processing engine uses in-memory operations for low latency and can handle high throughput log volumes.",{"type":420,"tag":462,"props":1670,"children":1671},{"id":932},[1672],{"type":430,"value":935},{"type":420,"tag":426,"props":1674,"children":1675},{},[1676,1681,1683,1686,1691,1693,1696,1700,1702,1705,1710],{"type":420,"tag":487,"props":1677,"children":1678},{},[1679],{"type":430,"value":1680},"Network Anomaly Detection:",{"type":430,"value":1682}," Detects unusual traffic patterns, port scanning, lateral movement activities.",{"type":420,"tag":433,"props":1684,"children":1685},{},[],{"type":420,"tag":487,"props":1687,"children":1688},{},[1689],{"type":430,"value":1690},"Data Loss Prevention:",{"type":430,"value":1692}," Monitors excessive file downloads, unauthorized data access, bulk data transfer patterns.",{"type":420,"tag":433,"props":1694,"children":1695},{},[],{"type":420,"tag":487,"props":1697,"children":1698},{},[1699],{"type":430,"value":583},{"type":430,"value":1701}," Captures privilege escalation, reconnaissance activities, off-hours access patterns.",{"type":420,"tag":433,"props":1703,"children":1704},{},[],{"type":420,"tag":487,"props":1706,"children":1707},{},[1708],{"type":430,"value":1709},"Compliance Monitoring:",{"type":430,"value":1711}," Provides audit trail generation and violation detection for regulatory 
requirements.",{"type":420,"tag":990,"props":1713,"children":1715},{"className":1714},[993,994],[1716,1720,1729,1735,1739,1896,1905,1909,1913,1917],{"type":420,"tag":462,"props":1717,"children":1718},{"id":998},[1719],{"type":430,"value":1001},{"type":420,"tag":426,"props":1721,"children":1722},{},[1723,1724],{"type":430,"value":1006},{"type":420,"tag":1008,"props":1725,"children":1726},{"color":1010,"variant":1011},[1727],{"type":430,"value":1728},"Alert > Rule Management",{"type":420,"tag":521,"props":1730,"children":1732},{"id":1731},"create-custom-rule",[1733],{"type":430,"value":1734},"Create Custom Rule",{"type":420,"tag":426,"props":1736,"children":1737},{},[1738],{"type":430,"value":1025},{"type":420,"tag":479,"props":1740,"children":1741},{},[1742,1756,1780,1799,1831,1870],{"type":420,"tag":483,"props":1743,"children":1744},{},[1745,1746,1750,1751,1755],{"type":430,"value":1033},{"type":420,"tag":1008,"props":1747,"children":1748},{"color":1010,"variant":1011},[1749],{"type":430,"value":1038},{"type":430,"value":1040},{"type":420,"tag":1008,"props":1752,"children":1753},{"color":1010,"variant":1011},[1754],{"type":430,"value":1045},{"type":430,"value":1047},{"type":420,"tag":483,"props":1757,"children":1758},{},[1759,1760,1765,1766,1771,1773,1778],{"type":430,"value":1052},{"type":420,"tag":1008,"props":1761,"children":1762},{"color":1010,"variant":1011},[1763],{"type":430,"value":1764},"name",{"type":430,"value":1078},{"type":420,"tag":1008,"props":1767,"children":1768},{"color":1010,"variant":1011},[1769],{"type":430,"value":1770},"description",{"type":430,"value":1772}," for the rule, then make sure the rule is in ",{"type":420,"tag":1008,"props":1774,"children":1775},{"color":1010,"variant":1011},[1776],{"type":430,"value":1777},"Active",{"type":430,"value":1779}," state.",{"type":420,"tag":483,"props":1781,"children":1782},{},[1783,1785,1790,1792,1797],{"type":430,"value":1784},"Then select your data source in the 
",{"type":420,"tag":1008,"props":1786,"children":1787},{"color":1010,"variant":1011},[1788],{"type":430,"value":1789},"sources",{"type":430,"value":1791}," section and select the number of ",{"type":420,"tag":1008,"props":1793,"children":1794},{"color":1010,"variant":1011},[1795],{"type":430,"value":1796},"scores",{"type":430,"value":1798}," at the bottom.",{"type":420,"tag":483,"props":1800,"children":1801},{},[1802,1804,1809,1811,1816,1818,1823,1825,1829],{"type":430,"value":1803},"In the ",{"type":420,"tag":1008,"props":1805,"children":1806},{"color":1010,"variant":1011},[1807],{"type":430,"value":1808},"Column Filters",{"type":430,"value":1810}," section, select ",{"type":420,"tag":1008,"props":1812,"children":1813},{"color":1010,"variant":1011},[1814],{"type":430,"value":1815},"column",{"type":430,"value":1817},", then ",{"type":420,"tag":1008,"props":1819,"children":1820},{"color":1010,"variant":1011},[1821],{"type":430,"value":1822},"operator",{"type":430,"value":1824}," and enter the appropriate ",{"type":420,"tag":1008,"props":1826,"children":1827},{"color":1010,"variant":1011},[1828],{"type":430,"value":1808},{"type":430,"value":1830},"value for this scenario.",{"type":420,"tag":483,"props":1832,"children":1833},{},[1834,1835,1840,1842,1847,1849,1854,1856,1861,1863,1868],{"type":430,"value":1803},{"type":420,"tag":1008,"props":1836,"children":1837},{"color":1010,"variant":1011},[1838],{"type":430,"value":1839},"Aggregate Operations",{"type":430,"value":1841}," section, enter an In the ",{"type":420,"tag":1008,"props":1843,"children":1844},{"color":1010,"variant":1011},[1845],{"type":430,"value":1846},"Aggregator Name",{"type":430,"value":1848},". 
Then select In the ",{"type":420,"tag":1008,"props":1850,"children":1851},{"color":1010,"variant":1011},[1852],{"type":430,"value":1853},"Field",{"type":430,"value":1855}," and select the ",{"type":420,"tag":1008,"props":1857,"children":1858},{"color":1010,"variant":1011},[1859],{"type":430,"value":1860},"Operation",{"type":430,"value":1862}," appropriate for the Field. Finally, select the appropriate ",{"type":420,"tag":1008,"props":1864,"children":1865},{"color":1010,"variant":1011},[1866],{"type":430,"value":1867},"Time Windows",{"type":430,"value":1869}," duration for this scenario.",{"type":420,"tag":483,"props":1871,"children":1872},{},[1873,1875,1879,1881,1886,1888,1891,1893],{"type":430,"value":1874},"Finally, you can click the ",{"type":420,"tag":1008,"props":1876,"children":1877},{"color":1010,"variant":1011},[1878],{"type":430,"value":1045},{"type":430,"value":1880}," button in the top ",{"type":420,"tag":1008,"props":1882,"children":1883},{"color":1010,"variant":1011},[1884],{"type":430,"value":1885},"right corner",{"type":430,"value":1887}," and save the rule.",{"type":420,"tag":433,"props":1889,"children":1890},{},[],{"type":430,"value":1892},"\n   ",{"type":420,"tag":433,"props":1894,"children":1895},{},[],{"type":420,"tag":426,"props":1897,"children":1898},{},[1899,1903],{"type":420,"tag":487,"props":1900,"children":1901},{},[1902],{"type":430,"value":1146},{"type":430,"value":1904},"\nIn this example, the alert system will generate an alarm if there are failed SSH attempts within 60 
seconds.",{"type":420,"tag":1906,"props":1907,"children":1908},"siem-rule-builder",{},[],{"type":420,"tag":521,"props":1910,"children":1911},{"id":1155},[1912],{"type":430,"value":1158},{"type":420,"tag":426,"props":1914,"children":1915},{},[1916],{"type":430,"value":1163},{"type":420,"tag":479,"props":1918,"children":1919},{},[1920,1939],{"type":420,"tag":483,"props":1921,"children":1922},{},[1923,1924,1928,1929,1933,1934,1938],{"type":430,"value":1033},{"type":420,"tag":1008,"props":1925,"children":1926},{"color":1010,"variant":1011},[1927],{"type":430,"value":1175},{"type":430,"value":1177},{"type":420,"tag":1008,"props":1930,"children":1931},{"color":1010,"variant":1011},[1932],{"type":430,"value":1182},{"type":430,"value":1184},{"type":420,"tag":1008,"props":1935,"children":1936},{"color":1010,"variant":1011},[1937],{"type":430,"value":1045},{"type":430,"value":1047},{"type":420,"tag":483,"props":1940,"children":1941},{},[1942,1943,1947,1948],{"type":430,"value":1194},{"type":420,"tag":1008,"props":1944,"children":1945},{"color":1010,"variant":1011},[1946],{"type":430,"value":1045},{"type":430,"value":1200},{"type":420,"tag":421,"props":1949,"children":1950},{"icon":423},[1951],{"type":420,"tag":426,"props":1952,"children":1953},{},[1954,1955,1960,1961],{"type":430,"value":1208},{"type":420,"tag":439,"props":1956,"children":1958},{"href":1211,"rel":1957},[443],[1959],{"type":430,"value":1215},{"type":430,"value":1217},{"type":420,"tag":433,"props":1962,"children":1963},{},[],{"title":414,"searchDepth":1222,"depth":1222,"links":1965},[1966,1967,1976,1977,1978],{"id":1266,"depth":1222,"text":1269},{"id":1277,"depth":1222,"text":1280,"children":1968},[1969,1970,1971,1972,1973,1974,1975],{"id":1283,"depth":1228,"text":1286},{"id":1357,"depth":1228,"text":1360},{"id":1401,"depth":1228,"text":1404},{"id":1435,"depth":1228,"text":1438},{"id":1474,"depth":1228,"text":1477},{"id":1535,"depth":1228,"text":1538},{"id":1594,"depth":1228,"text":1597},{"id":1636,"depth":1222
,"text":1639},{"id":932,"depth":1222,"text":935},{"id":998,"depth":1222,"text":1001,"children":1979},[1980,1981],{"id":1731,"depth":1228,"text":1734},{"id":1155,"depth":1228,"text":1158},"content:en:5.alert:1.rule-management.md","en/5.alert/1.rule-management.md","en/5.alert/1.rule-management",{"_path":92,"_dir":1986,"_draft":413,"_partial":413,"_locale":414,"title":13,"description":1987,"body":1988,"_type":1253,"_id":2171,"_source":1255,"_file":2172,"_stem":2173,"_extension":1258},"hotspot","This section provides information on Hotspot service.",{"type":417,"children":1989,"toc":2169},[1990,1994,2163],{"type":420,"tag":1991,"props":1992,"children":1993},"timeline",{},[],{"type":420,"tag":1995,"props":1996,"children":1997},"prose-mermaid",{},[1998],{"type":420,"tag":1999,"props":2000,"children":2004},"pre",{"className":2001,"code":2002,"language":2003,"meta":414,"style":414},"language-mermaid shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","graph TD\n  %%  WD[Wireless Devices]\n  %%  WiD[Wired Devices]\n  %%  AP[AP]\n  %%  SW[Switch]\n  %%  FW[Firewall]\n  %%  LOG[Logger]\n  %%  HP[Hotspot Page]\n\n  %%  WD -.DHCP/DNS.-> AP\n    \n  %%  AP --> SW\n  %%  WiD -.DHCP/DNS.-> SW\n  %%  SW --> FW\n  %%  FW --Auth Link--> LOG\n  %%  LOG --Auth Link--> SW\n  %%  LOG --> HP\n","mermaid",[2005],{"type":420,"tag":2006,"props":2007,"children":2008},"code",{"__ignoreMap":414},[2009,2020,2028,2036,2045,2054,2063,2072,2081,2091,2100,2109,2118,2127,2136,2145,2154],{"type":420,"tag":2010,"props":2011,"children":2014},"span",{"class":2012,"line":2013},"line",1,[2015],{"type":420,"tag":2010,"props":2016,"children":2017},{},[2018],{"type":430,"value":2019},"graph TD\n",{"type":420,"tag":2010,"props":2021,"children":2022},{"class":2012,"line":1222},[2023],{"type":420,"tag":2010,"props":2024,"children":2025},{},[2026],{"type":430,"value":2027},"  %%  WD[Wireless 
Devices]\n",{"type":420,"tag":2010,"props":2029,"children":2030},{"class":2012,"line":1228},[2031],{"type":420,"tag":2010,"props":2032,"children":2033},{},[2034],{"type":430,"value":2035},"  %%  WiD[Wired Devices]\n",{"type":420,"tag":2010,"props":2037,"children":2039},{"class":2012,"line":2038},4,[2040],{"type":420,"tag":2010,"props":2041,"children":2042},{},[2043],{"type":430,"value":2044},"  %%  AP[AP]\n",{"type":420,"tag":2010,"props":2046,"children":2048},{"class":2012,"line":2047},5,[2049],{"type":420,"tag":2010,"props":2050,"children":2051},{},[2052],{"type":430,"value":2053},"  %%  SW[Switch]\n",{"type":420,"tag":2010,"props":2055,"children":2057},{"class":2012,"line":2056},6,[2058],{"type":420,"tag":2010,"props":2059,"children":2060},{},[2061],{"type":430,"value":2062},"  %%  FW[Firewall]\n",{"type":420,"tag":2010,"props":2064,"children":2066},{"class":2012,"line":2065},7,[2067],{"type":420,"tag":2010,"props":2068,"children":2069},{},[2070],{"type":430,"value":2071},"  %%  LOG[Logger]\n",{"type":420,"tag":2010,"props":2073,"children":2075},{"class":2012,"line":2074},8,[2076],{"type":420,"tag":2010,"props":2077,"children":2078},{},[2079],{"type":430,"value":2080},"  %%  HP[Hotspot Page]\n",{"type":420,"tag":2010,"props":2082,"children":2084},{"class":2012,"line":2083},9,[2085],{"type":420,"tag":2010,"props":2086,"children":2088},{"emptyLinePlaceholder":2087},true,[2089],{"type":430,"value":2090},"\n",{"type":420,"tag":2010,"props":2092,"children":2094},{"class":2012,"line":2093},10,[2095],{"type":420,"tag":2010,"props":2096,"children":2097},{},[2098],{"type":430,"value":2099},"  %%  WD -.DHCP/DNS.-> AP\n",{"type":420,"tag":2010,"props":2101,"children":2103},{"class":2012,"line":2102},11,[2104],{"type":420,"tag":2010,"props":2105,"children":2106},{},[2107],{"type":430,"value":2108},"    
\n",{"type":420,"tag":2010,"props":2110,"children":2112},{"class":2012,"line":2111},12,[2113],{"type":420,"tag":2010,"props":2114,"children":2115},{},[2116],{"type":430,"value":2117},"  %%  AP --> SW\n",{"type":420,"tag":2010,"props":2119,"children":2121},{"class":2012,"line":2120},13,[2122],{"type":420,"tag":2010,"props":2123,"children":2124},{},[2125],{"type":430,"value":2126},"  %%  WiD -.DHCP/DNS.-> SW\n",{"type":420,"tag":2010,"props":2128,"children":2130},{"class":2012,"line":2129},14,[2131],{"type":420,"tag":2010,"props":2132,"children":2133},{},[2134],{"type":430,"value":2135},"  %%  SW --> FW\n",{"type":420,"tag":2010,"props":2137,"children":2139},{"class":2012,"line":2138},15,[2140],{"type":420,"tag":2010,"props":2141,"children":2142},{},[2143],{"type":430,"value":2144},"  %%  FW --Auth Link--> LOG\n",{"type":420,"tag":2010,"props":2146,"children":2148},{"class":2012,"line":2147},16,[2149],{"type":420,"tag":2010,"props":2150,"children":2151},{},[2152],{"type":430,"value":2153},"  %%  LOG --Auth Link--> SW\n",{"type":420,"tag":2010,"props":2155,"children":2157},{"class":2012,"line":2156},17,[2158],{"type":420,"tag":2010,"props":2159,"children":2160},{},[2161],{"type":430,"value":2162},"  %%  LOG --> HP\n",{"type":420,"tag":2164,"props":2165,"children":2166},"style",{},[2167],{"type":430,"value":2168},"html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: 
var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":414,"searchDepth":1222,"depth":1222,"links":2170},[],"content:en:6.hotspot:1.introduction.md","en/6.hotspot/1.introduction.md","en/6.hotspot/1.introduction",1775654251490]