Alerts
Alerts are automated notifications generated by Trisul's monitoring engine in response to predefined network activity, security anomalies, or system events.
Trisul allows administrators to set up alerts based on network activity, which enables real-time monitoring and notification of potential issues or security threats.
Alerts Viewing Options
Generated alerts can be accessed through two methods:
Alerts Bar
Alerts are displayed in the top right corner of the user home screen and refresh automatically every minute.
Figure: Alerts and Notification Bar
Alerts Menu
Alerts can be analyzed in detail through the dedicated Alerts menu, reached from the user home menu, which provides a comprehensive view of alert activity on the network.
Figure: Alerts Menu
Alerts Notification Options
Trisul supports multiple notification channels for alert dispatch:
- SYSLOG: Alerts can be forwarded to SYSLOG servers for centralized logging and analysis.
- EMAIL: Alerts can be sent to designated email addresses, enabling prompt notification and response.
- SMS: Alerts can be dispatched via SMS notifications, ensuring timely alerting and escalation.
The email and SMS services are driven by the SYSLOG alerts: they read the alerts that Trisul has forwarded to SYSLOG. SYSLOG forwarding must therefore be enabled for every alert type you want delivered by email or SMS.
Types of Alerts in Trisul
Trisul ships with 7 types of alerts.
| Alert Type | Description |
|---|---|
| Threshold Crossing Alerts | Alerts triggered when a meter value (for example, network traffic or bandwidth usage) exceeds a fixed high watermark or falls below a fixed low watermark for a specified time. |
| Flow Tracking Alerts | Alerts generated when network flow behavior deviates from expected patterns. |
| Blacklist Alerts | Alerts generated when blacklisted indicators (for example, known malicious IP addresses, domains, or URLs) are detected. |
| IDS Alerts | Alerts triggered when the system interfaces with external Intrusion Detection Systems (IDS) such as Suricata. |
| Threshold Band Anomaly Alerts | Alerts triggered when a meter value drifts outside a "trained" band of normal values. |
| System Alerts | Alerts generated by Trisul's self-monitoring system, such as packet drops and memory pressure. |
| User Alerts | User-defined alerts that notify the user of specific events or conditions important to them. |
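As an added example (not Trisul's own code), the following Python models the first and fifth alert types in the table on a constructed meter series: a threshold crossing alert that fires only once the meter has stayed beyond a watermark for a hold period, and a threshold band anomaly whose band is trained from baseline samples. The meter values, watermarks, hold length and the mean ± k·stdev band construction are assumptions made for illustration.

```python
from statistics import mean, pstdev

def threshold_crossing_alerts(samples, high, low, hold):
    """Threshold Crossing Alert (TCA) semantics: fire once per excursion, at the
    sample where the meter has been above `high` (or below `low`) for `hold`
    consecutive samples. Returns a list of (sample_index, "high"|"low")."""
    alerts, run, kind = [], 0, None
    for i, v in enumerate(samples):
        cur = "high" if v > high else "low" if v < low else None
        # Extend the current excursion, start a new one, or reset inside the band.
        run = run + 1 if cur and cur == kind else (1 if cur else 0)
        kind = cur
        if run == hold:  # hold time first satisfied; later samples do not re-fire
            alerts.append((i, cur))
    return alerts

def train_band(baseline, k=3.0):
    """Threshold Band training (assumed method): mean +/- k * population stdev
    of a baseline period gives the band of 'normal' meter values."""
    mu, sd = mean(baseline), pstdev(baseline)
    return (mu - k * sd, mu + k * sd)

def band_anomalies(samples, band):
    """Threshold Band Anomaly: every sample outside the trained band is flagged."""
    lo, hi = band
    return [i for i, v in enumerate(samples) if v < lo or v > hi]

# Constructed data: a meter sampled once per interval (e.g. Mbps on one link).
BASELINE = [100, 110, 95, 105, 100, 98, 102, 104, 96, 100]  # trained period
LIVE = [100, 130, 150, 160, 170, 100, 90, 60, 50, 55, 100, 112]

def demo():
    """Run both detectors over LIVE; shows why the two alert types differ."""
    band = train_band(BASELINE)                  # about (88.3, 113.7)
    return {
        # Fires at index 4 (3rd high sample) and index 9 (3rd low sample).
        "tca": threshold_crossing_alerts(LIVE, high=140, low=70, hold=3),
        # Fires immediately on every out-of-band sample, including the 130
        # spike that never reaches the fixed high watermark.
        "band": band_anomalies(LIVE, band),
    }

if __name__ == "__main__":
    print(demo())
```

Note that the band detector flags the sample at index 1 (130) that the fixed watermarks never see, while the TCA waits three samples before firing; choosing between the two is a trade-off between sensitivity to drift and resistance to short spikes.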
This documentation is a comprehensive guide to Trisul's alerting system, covering alert classifications, managing alerts, and the alert notification channels and their configuration.
Read the following topics in order for a logical flow of information.
📄️ Manage Alert Groups
An “Alert Group” represents a type of alert. Trisul is pre-configured with 7 alert types. Each Alert Group serves as the logical container for organizing and managing alerts based on their respective types. This section explains how admins can manage individual alert groups and configure them in the Admin panel.
📄️ Email Alert Delivery
This page describes how you can configure Trisul to send you an email when any alert fires.
📄️ Threshold Crossing Alerts (TCAs)
Overview
📄️ Flow Tracker Alerts
Having configured Flow Trackers as described in the earlier documentation, we now outline how to generate alerts based on them. This section covers the creation and configuration of Flow Tracker Alerts, which detect specific flow activity and trigger notifications when preconfigured threshold criteria are met.
📄️ Real Time Alert Stabber
The real time alert stabber is designed to be the central place for viewing IDS alerts. The idea is to explore alert activity from various angles using animation and an interactive UI.
📄️ Malware and Blacklist Alerts
This feature requires the Trisul Badfellas plugin.
📄️ Monthly Summary
Trisul will show you alerts grouped by Priority. You can click on the totals and get a further breakup grouped by type.
📄️ SMS Alert Delivery
If you have access to an SMS Message Gateway you can dispatch alerts via SMS to your Mobile phone.
📄️ Threshold Band Anomaly Alerts
Overview
📄️ Summary of All Alerts
Trisul provides two convenient ways to view a summary of all alerts:
📄️ Detecting Volumetric Attacks
Using Threshold Crossing Alerts (TCA) and Threshold Band Alerts (TB), it is easy to configure Trisul Network Analytics to detect volumetric attacks such as Distributed Denial of Service (DDoS).
📄️ Microsoft Teams delivery
Trisul can automatically send alerts to Microsoft Teams via an Incoming Webhook URL.