Alerts
enStratus will alert users to events that happen in cloud accounts. Alerting is typically accom- plished via email, and alerts can also be accessed via the enStratus console.
enStratus categorizes alerts on a scale of 1 to 10. Alerts with rating 10 are considered the most severe while alerts rated 1 are the least severe. enStratus groups alerts into three categories, Low, Medium, and High, according to the table shown below.
| Alert Level | Rating |
|---|---|
| 1-3 | LOW |
| 4-6 | MEDIUM |
| 7-10 | HIGH |
Alerts are accessible through several areas. Any alerts you have will be displayed in the lower left hand side of the enstratus console, as part of the status ”tray”. The alerts are grouped according to their severity, with the most severe alerts starting on the left.
Clicking on any of the alert boxes in the status tray will activate a slide out window showing at most the five most recent alerts. Alerts may be cleared or viewed in their entirety by selecting clear all or view all in the slide out window.
If there are more than five alerts in total, it is usually more useful to navigate to the Console/Alerts page. On this page, a summary of all alerts is displayed and each alert can be viewed in detail by selecting the show detail link.
Alerts are triggered by events that take place inside of the cloud infrastructure. An alert may be triggered as a result of a successful backup of a service or as a result of an unauthorized access attempt on a server.
On enStratus supplied servers, a Host Intrusion Detection System is configured that will supply alert information about events that happen on a server such as port scanning and changes in file hash signatures.
The alerting system within enStratus is extensible and can be adapted to alert on client-specific rules or systems.
Configuring Alerts
To configure the alerts settings for your account, navigate to Account Settings > Account Preferences.
- ALERT INTERVAL: The alert interval sets the time interval between when alerts are sent.
- FINAL ALERT: The time, in minutes, when the final alert will be sent
- ALLOW USER ALERTS: Allow users other than the administrator to receive alerts.
- GLOBAL ALERT EMAIL: The email address to which alerts will be sent.
- GLOBAL EMAIL THRESHOLD: Sets the severity level that governs the level an alert must reach before it is sent to the global alert email.
- FORWARD TO NOTIFICATION TOPIC: These topics are created under Platform > Noti- fication Topics. A copy of the alert will be published to the notification topic.
Firewall Activity Log
enStratus tracks changes that are made to firewalls and makes those changes accessible via the enStratus console. To view the contents of the firewall activity log, navigate to Console > Reports and select the Firewall Activity tab.
enStratus will display the firewall rules that apply to each firewall. The firewall selector is shown in the lower left part of the display window. The figure below shows the firewall rules for an example.
Clicking on See Full Report will generate a page that has all of the firewalls listed with an option to print. This is particularly useful for meeting audit requirements.
Firewall Change Log
Another feature that is useful for meeting security requirements is the ability to view a change log of firewall events. For example, using the same firewall report shown above, to view a chronological history of when changes were made to each firewall, navigate to Console > Reports and select the Firewall Change Log tab.
This tab has very similar functionality to the Firewall Activity tab.
Example Alerts
Click here to see several examples of the types of alerts enStratus will produce as it monitors and manages cloud activities.
Updated: 08-01-2011: