For Logsign SIEM alert rules, it is possible to create notifications by means of e-mail, SMS and security automation.
You define the notifications for each alert rule in the Action and Notification field.
For instance, we can pick an alert rule to see how a notification is defined:
First, open the Alerts > Alert Rules page in the Logsign SIEM web interface. Choose an alert from the alert groups and click “edit”.
The notifications are defined in the Action and Notification field, in the lower part of the page that opens.
Action Column: The value we expect as the result of the alert. The value here corresponds to the column we choose from the data that produces the alert.
E-mail: The field in which the e-mail notification is defined. Mail Settings should be defined first.
SMS: The field in which the SMS notification is defined. SMS Settings should be defined first.
Security Automation: The field through which the integrated firewalls are automatically notified of the action to take, using the value in the Action Column, as a result of the alert that is created. Custom Action Devices should be defined first.