As SenseDeep detects attacks and threats, it may increase your security status as shown on the SenseDeep dashboard. If the security status changes, you will be notified. In any event, new alerts will be logged in the Alert List.
The Alert list is your inbox of security events. You should examine and dispatch each incoming alert. You may choose to just ignore some alerts. For others, you will need to address the underlying security issue. As you dispatch each alert, the security status for your account will be recomputed until all attacks and threats have been resolved.
When you click on an alert in the Alert List, you can examine it in detail. The alert details screen shows the full context of the threat that triggered the alert.
The Alert Details display the full information about the security alert with actions to resolve the alert issue. The fields displayed will vary depending on the threat. Here are some of the common fields displayed:
- Time — Time the threat was detected.
- Name — Name of the underlying threat rule check that was triggered.
- Description — The common description of the threat check.
- Message — Descriptive message for this alert.
- Service — The name of the cloud service.
- Group — Any instance group of hosts.
- Instance — AWS Instance ID.
- Host — Host name.
- IP — Host IP address.
- Attack — SenseDeep Attack status.
- Threat — SenseDeep Threat level.
- Signature — Matching signature used when creating responses.
- Count — Number of times the threat was detected.
To dispatch and resolve the alert, click the Dispatch button for full control over how the alert is dispatched. Alternatively, click one of the Quick Actions to ignore the alert and remove it from the Alert List. Quick Actions are useful for quickly and simply ignoring a single alert.
Invoking the Dispatch option will then ask you how to resolve the alert. Your options are:
- Resolve this alert only
- Resolve all similar alerts for your entire account
- Resolve all similar alerts and suppress future alerts
If you choose to suppress future alerts, an automated response will be created; you can then customize the response and configure automated defenses. Read more in Automated Responses.
If a service or host is put into Maintenance mode via Modify Service, alerts from that service will be suppressed and will not affect the account security status while the service remains in maintenance mode.