Updated on 2024-04-11 GMT+08:00

Enabling an Alert Model

Scenario

Before using the Real-time notification of critical Organization and Management operations playbook, you need to enable some alert models, including the ones for O&M - Attaching NICs, O&M - Creating VPC peering connections, and O&M - Binding EIPs to resources.

This topic describes how to enable an alert model.

Procedure

Creating an alert model

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Threat Operations > Intelligent Modeling. On the displayed page, click the Model Templates tab.

    Figure 2 Model Templates tab

  5. In the model template list, click Details in the Operation column of the target model template. The template details page is displayed on the right.

    Figure 3 Template details

  6. On the details page, click Create Model in the lower right corner. The page for creating an alert model is displayed.
  7. On the Create Alert Model page, configure basic information.

    • Pipeline Name: Select an execution pipeline for the alert model.
      Table 1 Available pipelines

      Alert Template                            Execution Pipeline
      O&M - Attaching a NIC                     sec-cts-audit
      O&M - Creating a VPC peering connection   sec-cts-audit
      O&M - Binding EIPs to resources           sec-cts-audit

    • Retain default values of other parameters.

  8. After the settings are complete, click Next in the lower right corner of the page. The page for setting the model logic is displayed.
  9. Set the model logic. You are advised to retain the default value.
  10. After completing the basic settings, click Next in the lower right corner of the page.
  11. After confirming that the model is correct, click OK in the lower right corner of the page.
  12. Repeat steps 5 to 11 to create alert models with other templates.

Enabling an alert model

  1. In the navigation pane on the left, choose Threat Operations > Intelligent Modeling.

    Figure 4 Available Models

  2. To enable models in batches, select all models you want to enable and click Enable in the upper left corner of the list.
  3. If the model status changes to Enable, the model is successfully enabled.