Updated on 2024-11-14 GMT+08:00

Enabling an Alert Model

After you enable log access, SecMaster can use models to monitor log data in pipelines. If SecMaster detects data that meets the trigger conditions of a model, it generates an alert.

For the first workspace in each region, SecMaster automatically enables some preconfigured models. For any other workspace in the region, you need to enable preconfigured models manually and create custom alert models to meet your operation needs.

If you want to use a model that is not enabled by default, or enable a model in a new workspace, create and enable the model by performing the following procedure.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Intelligent Modeling, and select the Model Templates tab.

    Figure 2 Model Templates tab

  6. In the model template list, locate the target model template and click Details in the Operation column. On the template details panel displayed on the right, click Create Model in the lower right corner.
  7. On the Create Alert Model page, configure basic information.

    • Pipeline Name: Select a pipeline for the alert model. You can select a pipeline based on the Usage constraints in the description.
      Figure 3 Obtaining a pipeline name
    • Retain default values of other parameters.

  8. Complete all settings and click Next in the lower right corner of the page. The page for setting the model logic is displayed.
  9. Set the model logic. You are advised to retain the default value.
  10. Complete all settings and click Next in the lower right corner of the page.
  11. Review all settings and click OK in the lower right corner of the page.
  12. Repeat steps 6 to 11 to create alert models with other templates.