Guide

Create an alert

Suggest Edits

You create alerts so you can:

  • know an attack is occurring and take action to stop it
  • respond quickly

You create an alert by configuring its filter, threshold, and settings.

📘

You can have up to 10 customer-owned and 10 Akamai-owned alerts per security configuration, so there can be up to 20 alerts in total. You can see your current quota count at the bottom of the left-hand column on the alert setup page.

  1. In Web Security Analytics, go to the banner at the top of the page and select the security configuration.

  2. Click the Statistics header.

  3. On the upper right of the screen, click Alerts.

  4. In panel on the left, in the header, click add alert. To create an alert:

    • based on a predefined template, select the template from the menu.
    • from scratch, select New Alert.

Set up an alert filter

You can use filters to target your alert on specific attack vectors.

  1. Select the Filter tab.

  2. On the upper right of the screen, click Filters filter and set the data filter for traffic you want see.

    For example, say you want to know when a web application security firewall rule violation triggers a Deny action. Under Common, select Attack Type matches WAF and then add another filter selectng Common > Action Applied matches Deny.

    Click Save to apply the filter

  3. Click Copy Filter below to Alert to copy the filter information to the alert's Filter.

Set up an alert threshold

Setting the alert's threshold determines under what conditions it triggers.

  1. Click the Threshold tab.

  2. Select either the Predefined sensitivity button to choose from three predefined threshold levels or the Advanced sensitivity button to define a custom threshold.

  3. Optional: You can group the request count by one or more dimensions—Connecting IP Address, Connecting Country/Area, Hostname, Path, Policy, and Status Code —by selecting them from the menu under Count requests grouped by the following dimensions.

When you group the requests by dimensions, the conditions based on which thresholds increase become more specific. For example, if you group by hostname and specify a threshold of 10, the associated alert will trigger only if more than 10 requests hit a specific hostname (for example, hostname A). If 6 requests hit hostname A and another 5 requests hit hostname B, the alert won't trigger.

Configure alert settings

Alert settings include properties like alert name, description, email addresses where alert should be sent, and alert priority.

  1. Select the Settings tab.

  2. Select the desired Priority of the email notifications (Low, Medium, or High).

    Priority won't affect how the system processes alerts, but rather is for your informational use.

  3. Enter an Alert Name and, if you want, an Alert Description.

    Ensure these two fields are descriptive and meaningful. Both the name and the description are visible in the user interface and alert notification emails.

  4. If you want, enter the email addresses (Send Email to) to get a notification when an alert is triggered.

    📘

    If you need to send an alert notification to many recipients, use a mailing list rather than individual addresses.

  5. If you want to enable the alert right away, click the Disabled slider to move it to Enabled.

  6. Click Save.

  7. In the Create Alert dialog's Comment box, enter a comment for the operation and click Create.

Updated 28 days ago