Create an event notification
Create an event notification in the UI
- Go to https://app.stairwell.com and log in
- Click on the settings icon on the left menu
- Select the "Event notifications" tab under the "Integrations" section
- Select "Create Event Notification"
- On the "Details" screen:
  - Type the desired notification name
  - Select the desired object environment(s)
  - Select "Next"
- On the "Conditions" screen:
  - YARA Rule Match will match any YARA rule in the environments selected on the conditions screen to any object in the environments selected on the details screen
    - Recommendation: Pro Rules, Stairwell Research Rules, and user environments that have YARA rules
  - Threat Report Indicator Match will match any Threat Report IOC in the environment selected on the conditions screen to any object in the environments selected on the details screen
    - Default: Threat Report Feeds (recommended to not change this unless custom feeds have been set up)
  - High Confidence Mal-Eval Score will match any high confidence Mal-Eval score to any object in the environments selected on the details screen
  - Objects Marked Malicious will match any malicious opinion to any object in the environments selected on the details screen
  - Select "Next"
- On the "Destinations" screen:
  - Select the destination type: Webhook, API, or Email
  - Type in the URI or Email Addresses depending on the type above
  - Select "Test"
  - Select "Save"
Delivering notifications to Slack
If you have a Slack webhook, you can send notifications to a channel by using the https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX link as your destination URL. The Slack JSON format is well suited to these messages, and will provide details about each match in your environment. Treat the webhook URL as a secret: anyone who has it can post messages to that channel.

