Document toolboxDocument toolbox

Assign a sending policy to an alert definition

Owned by Borja Moro Moreno
Last updated: Oct 02, 2024
2 min read
[ 1 About sending policies assignation ] [ 2 What permissions do I need? ] [ 3 How to assign sending policies ] [ 4 How to create and manage sending policies ]

About sending policies assignation

When you create an alert definition in the data search window, you can find a dedicated section at the bottom of the alert creation window to assign sending policies (see Alert definition settings to know more). However, you can assign a different one afterwards in the Alert configuration area (Administration → Alert configuration).

10_Assign a sending policy to an alert definition.png

What permissions do I need?

To assign sending policies to alert definitions, the Alert configuration (manage) permission is required. This permission allows access to the alert configuration area where this task is performed.

5_Assign a sending policy to an alert definition.png

How to assign sending policies

The names of the chosen policies appear under the Active policies column. If you choose not to send notifications, a hyphen (-) appears instead so that you can easily recognize alerts that will not be notified.

You have two different options to assign sending policies to alert definitions: you can either edit the alert definition and change it there (see Edit alert definitions to know more) or proceed as explained below.

  1. Find the desired alert and click the paper airplane icon that appears under the Active Policies column.

  2. The Sending Policy window opens for you to specify the Alert notification method and Assigned policies (see the options explained in the table below).

  3. Click Apply when you finish.

Alert notification method

Alert notification method

Policy based: if you select this option, the notification procedure will be based on existing sending policies.

 

Assigned policies: if you select the policy-based option, you must check one or more checkboxes corresponding to the sending policies you want to assign.

No notification: if you select this option, no user will be notified when an alert is triggered. This simply means that the alert will not be notified, not that it is not triggered or registered (they will be listed in the Alerts overview area and the siem.logtrust.alert.info table).

Default method: if you select this option, only the default sending policy will be used for the notification procedure. This is the default option when you create an alert.

How to create and manage sending policies

You can create new sending policies that will be available to use in the dialog shown above, as well as manage existing ones in the Alert policies tab. Visit the articles below to know all the details about sending policies.