Why SIGNL4
LogRhythm is a SIEM platform that helps detect and stop cyber threats. Its monitoring dashboard gives a good overview of your environment, but SIGNL4 comes in at the alerting level. Currently LogRhythm sends an email to specified parties when an alarm is raised. SIGNL4 directs those emails to the right people at the right time. With on-call duty scheduling and tiered escalation to a manager, SIGNL4 ensures that the alarm email is not lost in a sea of email.
How it Works
The SIGNL4 team email address establishes the connection with LogRhythm, enabling mobile notification and alerting for operations and network teams.
Integration Capabilities
Scenarios
Tickets and incidents are sent to SIGNL4
Event categorization, routing and automated delivery
Persistent notifications by push, text and voice call, with tracking, escalation and confirmation to staff on duty
HOW TO INTEGRATE
In our example we forward a LogRhythm alarm via email to the SIGNL4 team email address. This alerts all team members on duty via push, SMS and voice notifications.
SIGNL4 is a mobile alert notification app for powerful alerting, alert management and mobile assignment of work items. Get the app at https://www.signl4.com
Prerequisites
A SIGNL4 (https://www.signl4.com) account
A LogRhythm (https://www.logrhythm.com/) account
First, we need to create a user to target alerts to. Follow these steps, taken from the LogRhythm documentation, to create a new user.
On the main toolbar, click Deployment Manager.
The Is Person an Individual? dialog box appears.
The Person Properties dialog box appears.
Choose from the following:
In the Display Name field, enter the name of the role being created (for example, Restricted Analyst or Restricted Administrator).
If not already selected, click the Contact Methods tab.
In the Contact Methods tab, select the methods the alarming engine uses to contact this user or role when an alarm associated with them has been triggered.
Note: The Notification Policy Manager automatically filters out Alarm Notification Policies that do not match the type selected in Contact Method Type.
Click Save. The selected contact method appears in the Contact Methods field.
Repeat the process as necessary to include all contact methods you want.
Click the Additional Information tab and type a Brief Description or Additional Details, as needed.
Click the Permissions tab.
Select the appropriate permissions for this user or role from the Permissions list.
Click OK.
Alarms targeted to this user will now raise alerts in SIGNL4. Here is an example of an email typically received from LogRhythm.
ALERT OPTIMIZATION
SIGNL4 can further increase the visibility of alerts through its Signals and Services section. Adjusting the color and icon of alerts provides more relevant information at a glance, without having to open the alert.