Notifications
Get notified when Spyderbat detects operational issues or suspicious behavior at runtime in your environment.
Spyderbat's notification system has 3 main components:
Notification Targets: Named destinations to which notifications can be sent.
Notification Templates: Templates that define the structure and content of notifications, simplifying the setup process.
Notifiable Objects: The objects for which users can set up notifications to stay informed about important events in their Spyderbat Organization.
There are 3 types of notifiable objects:
1. Saved Queries
What it is: Predefined searches to track specific patterns or behaviors in your data.
Why it’s useful: Automates monitoring by notifying you when new activity matches the query.
Example: Get notified when there is an unusual inbound connection.
2. Custom Flags
What it is: Custom flags enable users to create tailored detection rules to monitor activities or behaviors specific to their environment.
Why it’s useful: Helps focus on what matters to you, like unusual commands or risky actions.
Example: Flag and alert when someone runs a command that requires high privileges.
3. Agent Health Notifications
What it is: Alerts about the health and status of Spyderbat agents.
Why it’s useful: Ensures agents are functioning properly and sending data.
Example: Get notified if an agent goes "Offline" or enters a "Critical" state.
Note: To learn how to configure notifications for Agent Health, refer here.
Quick Start Tutorial
To quickly get started using Spyderbat Notifications, follow our tutorial using spyctl.