Secure Internet and SaaS Access (ZIA)
About Security & UEBA Alerts
The Security & UEBA alerting framework provides a comprehensive solution to view, manage, create, and adjust the alert rules. The security alerts constantly filter and evaluate all the logs generated from your organization's traffic to trigger new alerts. The User and Entity Behavior Analytics (UEBA) alert rules for the inline and API channels cover multiple events and alert types based on your organizational requirements. This article provides the details of Security alerts and UEBA alerts.
Security Alerts
Security alerts provide high-level statistics for each event type and threat severity, and a centralized console for viewing and managing all alerts across your existing tenants. You can configure the events that raise alerts under Security Alerts.
The security alert workflow is designed to give your organization timely visibility into security-relevant events in its traffic.
UEBA Alerts
UEBA is a cybersecurity technique that focuses on detecting and analyzing abnormal behaviors exhibited by users and entities within an organization's network environment. It uses advanced analytics to study user activities that indicate potential security threats or insider threats.
By monitoring and analyzing user activities, such as logins, file accesses, data transfers, and application usage, UEBA alerts can detect deviations from normal behavior, flagging suspicious activities for further investigation and response.
The ZIA UEBA alerts provide extensive functionality to detect and respond to flagged activities. This alert type is available for Inline and API channels for better monitoring.
Ensure that you enable the alert rules and set up the alert notification delivery. You can either use email aliases or webhooks to receive alert notifications. After the alert rule is set up, you can start investigating the generated alerts by viewing the various available widgets or the alert summary table. You can create new rules or edit existing rules based on organizational requirements or team responsibilities.
The Security and UEBA Alerts provide the following benefits and enable you to:
- View, manage, and customize your alerts with ease.
- Stay secure and informed about critical security events through continuous evaluation of your organization's logs and real-time notifications.
- Keep track of all alerts with the help of high-level statistics and a centralized console.
- Leverage advanced analytics to establish baseline behavior patterns and identify anomalies.
About the Alerts page
On the Alerts page (Alerts > Alerts), you can do the following:
- View the details of all ongoing alerts.
- View the list of alert history.
- View the overview section that provides a graphical representation of the impacted systems and threat event types along with the total number of impacted locations, systems, departments, and ongoing alerts.
- View the alert summary table.
- Hide the alert summary table filters.
- Download a CSV file of the ongoing alert details.
- Select a time period from the drop-down menu to set the range covered by the overview and the alert summary.
- Go to the Alert Rules page.
- Go to the Webhooks page.