Understanding of Fully Automatic Response Technology with Action Rule

While using the Logsign Unified Security Operations Platform for log analysis, you can also trigger actions on your security devices/products. When an alert rule in Logsign is triggered, an action can be taken against the policy you have created on your security device/product.

To use the Logsign Custom Action Device service, the device/product must be added as a source on Logsign.

In the Logsign web interface, go to Settings > Integrations > Responses.

Once the response integrations are defined, their actions can be attached to the alarms of your choice.

Go to Settings > Alerts & Behaviors > Action Rules and click the "+Add" button to create a new Action Rule.

In the window that opens, enter a name for the action, then select the alarms it should apply to and move them to the right. Click the next button to proceed.

In the new window that opens, click the "New Action" button and create the desired action by selecting one of the integrations previously defined under Responses.

Select the desired response from the response integration list and fill in the fields required by that integration, as follows.

Device: The response integration.

Method: The actions that can be taken with the selected integration.

IP: The name of the column containing the IP to take action on.

Group Name: The name of the group in the integration that contains the blocked IPs.

Expire Time: How long IPs added to the group remain in this list.

Click the next button to move to the next stage.

Review the specified settings and save the action rule.
