Overview
Scenario
SecMaster provides a built-in playbook that can automatically rename alert names. You can customize alert names with this playbook to meet your needs.
How the Playbook Works
The Automatic renaming of alarm names playbook has matched the Automatic renaming of alarm names workflow. To configure this playbook, you need to configure the matched workflow and plug-ins the workflow uses.
The Automatic renaming of alarm names workflow has four plug-in nodes, one for obtaining alert type IDs, one for obtaining alert details, the SecMasterBiz node, and one for updating alert names. In this workflow, you only need to configure the SecMasterBiz node. This node is used to customize alert names.
Limitations and Constraints
Currently, only names for web shell attack alerts can be modified.
Verification
The following figure shows default alert names.
The following figure shows customized alert names.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot