Generate alerts for critical events
Halo Logging and Alerting
Halo logging and alerting is a built-in service that captures event information generated by all of the Halo security modules, by Halo user actions, and by actions on Halo-protected servers. Halo stores these events centrally, and reports on them in a variety of forms, including summaries and details displayed in the Halo portal, email alerts sent to administrator inboxes, and event data exported to third-party analytical tools.
Logging and alerting is always "on" and available to all Halo users, but you decide what and how much you want logged and who needs to be notified. For example:
- Most of Halo's policy-based security modules allow you to separately turn logging or alerting on or off for each rule in a policy, to flag the more serious ones as Critical, and to generate email alerts for the most serious of them.
- You can implement a special events policy to control the logging and alerting of server-related events across your infrastructure.
- You can control which routine audit events (logins, policy assignments, password changes, and so on) should be logged or alerted on.
- You can create alert profiles, which control who should receive email alerts for various events.
To review logged events, you can view alerts in your email inbox, view event summaries on the Halo portal dashboard page, and view and search for events on several other portal pages.
Integrating Events with Analytical Tools. The Halo API includes the capability to export complete or filtered event information that you can then feed into a variety of third-party analytical tools. CloudPassage has used this capability to create an integration tool (Halo Event Connector) that you can use out-of-the-box for this purpose.
When Halo detects security events, it logs them and displays them in the Halo portal. Halo can also send email alerts to appropriate administrators when specified events occur.
To set up alerting for your organization, you create one or more alert profiles and assign them to server groups. Each profile lists a set of alert recipients. Halo can send an alert to more than one person, a recipient does not have to be a Halo user, and different types of alerts can go to different recipients.
Note: Setting up your own alert profiles is optional. Halo automatically assigns a default alert profile, consisting of all Halo site administrators in the server group to which the profile is assigned. You need to create a custom profile only if you want alerts to go to other people.
To create an alert profile and add it to a server group:
- In the Halo portal, click the Policies menu to display the All Policies page, then click New and select Alert Profile.
- Name the profile, optionally add a description, and select an alerting frequency (default = "Instant").
- Click Add Halo Users and select the Halo users who should receive alerts. Optionally click Add External Recipient to add people who are not Halo users (name and valid email address required).
- Select who should receive non-critical alerts, critical alerts, or both.
- Click Save to save the profile.
- Return to the Environment page and, in the group tree, select a group to which to assign the profile. Click Settings and open the Alert Profiles subtab. Then choose your newly created profile from the drop-down list. Then click Save.
The alert profile is now assigned to that server group. The users listed in the profile will receive alerts from events that occur in that group.