Create an event notification
Create an event notification in the UI
- Go to https://app.stairwell.com and login
- Select the gear icon on the bottom left
- Select
Event Notifications - Select
Create Event Notification - On the
Detailsscreen...- Type the desired notification name
- Select the desired object environment(s)
- Select
Next
- On the
Conditionsscreen...- YARA Rule Match will match any YARA rule in the environments selected on the conditions screen to any object in the environments selected on the details screen
- Recommendation:
Pro Rules,Stairwell Research Rules, and user environments that have YARA rules
- Recommendation:
- Threat Report Indicator Match will match any Threat Report IOC in the environment selected on the conditions screen to any object in the environments selected on the detail screen
- Default:
Threat Report Feeds(recommended to not change this unless custom feeds have been setup)
- Default:
- High Confidence Mal-Eval Score will match any high confidence Mal-Eval score to any object in the environments selected on the detail screen.
- Objects Marked Malicious will match any malicious opinion to any object in the environments selected on the detail screen.
- Select
Next
- YARA Rule Match will match any YARA rule in the environments selected on the conditions screen to any object in the environments selected on the details screen
- On the
Destinationsscreen...- Select the destination type:
Webhook,API, orEmail - Type in the
URIorEmail Addressesdepending on the type above - Select
Test - Select
Save
- Select the destination type:
Delivering notifications to Slack
If you have a Slack webhook , you can send notifications to a channel by using the https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXXlink as your destination URL. The Slack JSON format is well suited to these messages, and will provide details about each match in your environment.
Updated 3 months ago