Alerts

Alerts are divided into two kinds: the classic alerts presented on this page, and the advanced alerts.

Device alerts

The Alerts section allows you to set up alerts for a device.

Alerts are sent by email to the email address of the logged-in user.

Types of alerts

Cyberweather alert

When the level changes

Every hour, the cyberweather level of the day is evaluated. If it has increased compared to the last assessment, an alert is sent.

Daily cyberweather report

The report is an alert that is sent out every day with the previous day's cyberweather.

The alert is triggered every day at the first hour (local time of the device).

Flow alerts

Toxic flows

The toxic flow alert is triggered when flows with one or more toxic IP addresses have been reported by the device. This check runs every hour.

Suspect flows

The suspicious flow alert is triggered when flows to one or more IP addresses in the Suspicious Remote IP Addresses list are reported by the device.

If no IP address is configured in the list, then no alert will be sent.

Critical flows (discontinued)

The critical flow alert is triggered when flows with one or more toxic IP addresses with a critical threat are reported by the device.

This alert has been removed. Use advanced alerts instead, selecting the type(s) of threat for which an alert should be triggered.

Bandwidth alert

If a single endpoint on the network generates more than 40% of the network flows within an hour, then a bandwidth alert will be sent.

Using this alert for a supervised network with very few endpoints is not recommended.

If only one endpoint is present, then it will use 100% of the bandwidth and the alert will be triggered.
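The following is an added example, not the product's own code, showing how an hourly per-endpoint share check like the one described above can be computed, and why networks with very few endpoints always trip it. The flow record layout, the sample data and the function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

THRESHOLD = 0.40  # share of hourly flows stated on this page

# Constructed sample flows: (ISO timestamp, internal endpoint). Layout is assumed.
SAMPLE_FLOWS = (
    [("2024-01-01T10:05:00", "10.0.0.1")] * 5
    + [("2024-01-01T10:20:00", "10.0.0.2")] * 3
    + [("2024-01-01T10:40:00", "10.0.0.3")] * 2
    + [("2024-01-01T11:10:00", "10.0.0.1")] * 3
    + [("2024-01-01T11:15:00", "10.0.0.2")] * 3
    + [("2024-01-01T11:30:00", "10.0.0.3")] * 3
)


def bandwidth_alerts(flows, threshold=THRESHOLD):
    """Return {hour: [(endpoint, share), ...]} for endpoints above the threshold."""
    per_hour = defaultdict(Counter)
    for ts, endpoint in flows:
        # Bucket each flow into the clock hour it was seen in.
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)
        per_hour[hour][endpoint] += 1

    alerts = {}
    for hour, counts in per_hour.items():
        total = sum(counts.values())
        hits = [(ep, n / total) for ep, n in counts.most_common() if n / total > threshold]
        if hits:
            alerts[hour] = hits
    return alerts


def alert_unavoidable(endpoint_count, threshold=THRESHOLD):
    """True when even a perfectly even split puts one endpoint above the threshold."""
    return endpoint_count > 0 and 1 / endpoint_count > threshold


if __name__ == "__main__":
    for hour, hits in bandwidth_alerts(SAMPLE_FLOWS).items():
        for endpoint, share in hits:
            print(f"{hour:%Y-%m-%d %H:00} {endpoint} generated {share:.0%} of flows")
    for n in (1, 2, 3):
        print(f"{n} endpoint(s): alert unavoidable = {alert_unavoidable(n)}")
```

With one or two active endpoints, the busiest one always holds at least 50% of the flows, so a 40% threshold fires every hour regardless of behaviour.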

Disconnection alert

If the device does not report any logs for more than one hour, then its status changes to disconnected and the alert is triggered.

In addition, when the device reconnects to services, a reconnection alert will be sent.

A disconnection / reconnection alert will always be sent to the technical reseller contacts configured in the Reseller form of the device fleet.

This alert cannot be disabled.
