Alerts

Learn about the proper techniques for reviewing notifications.

Review notifications

Most SIEM solutions provide the ability to perform a specific action based on receiving an alert from a security device. Examples of these actions can include sending an email or adding an item to a dashboard. The response actions taken by an SIEM need to get security analysts’ attention so that they’re responded to quickly. If the SIEM sends notifications, the organization’s existing messaging solution should be leveraged. This could be the organization’s email infrastructure or a simple messaging service (SMS). The information contained in these notifications should be reviewed to ensure that sensitive information isn’t inappropriately disclosed. This review should include ...