NetFort Tips & Tricks - How to create custom event rules with the LANGuardian Metadata Rules Alerting Engine

Updated 1 year ago

We have been working to make the LANGuardian alerting engine more powerful and flexible.

Custom Event Rules is a powerful feature in LANGuardian version 14.2 onward that allows users to define a custom rule that can be used to trigger alerts for any suspicious activity that may appear on their network.

You may already know, but in case not: NetFort recently introduced a metadata rules alerting engine that will allow you to create your own rules and alerts based on network flows, access to data via SMB file and directory actions, HTTP web access, SMTP emails and attachments, etc., or based on limits and behaviour.

The manage alert rules page can be accessed directly at:

https://x.x.x.x/alerts/alerts.cgi

The 'Security :: Network Events (User Defined)' report will show all user-defined events.
Click View/Mark signature to email if the user-defined event is detected.

Check out our Help pages, which will take you step by step through the building of custom event rules. We have posted some alert rule use cases, including rule description and syntax, on the NetFort Forum.

If you need assistance with the LANGuardian Metadata Rules Alerting Engine, or any aspect of LANGuardian, we can provide support via phone, email or web session. Just let us know what time works best for you and we will schedule it accordingly.

Aisling Brennan, Official Rep

Posted 1 year ago