Support Center

Welcome
Login  Sign up

Secure Alerts

Secure Alerts are designed to inform you when your Security Posture regresses, keeping noise to a minimum while giving you real actionable insight into security risks.


Supported Alerts


Secure Alerts can be configured for the following posture items:

  • Admin MFA Policy
  • User MFA Policy


Monitoring & Alerting Frequency


Our servers update your Secure Posture Audit daily (weekends included).  Every morning at 8am EST, the latest data is run through our logic processor to verify if your Secure Posture has regressed on the policies for which Alerting is enabled. Emails for any regressions will be sent immediately at this time.



Alerts Format


We currently support alerts via email. These can be configured to be sent directly to your PSA, or any stakeholder based on preference.

The emails do not contain any html, and should be easily parsed by your PSA.

A single email will be sent per day, per policy type.  All security posture regressions for a single policy type will be aggregated into a single email in the following format:


Subject; <alert type> Alert for <tenant>


Tenant: <tenant>

Discovered on: yyyy-mm-dd

 

===========

 

Name: <user1>

Email: <email1>

Previous State: Enabled (yyyy-mm-dd)

Current State: Disabled (yyyy-mm-dd)

 

Name: <user2>

Email: <email2>

Previous State: Enabled (yyyy-mm-dd)

Current State: Disabled (yyyy-mm-dd)

 

--



Alert Logic


MFA regression (admin and user):


Hardcoded logic based on the following:

  • Logic is not evaluated at the time the integration/feature enablement.  We don't want to hammer your inbox with notifications for nothing
  • Daily comparisons evaluated(previous days record at scan time vs new record at scan time)
  • Alert is sent if a previous days record was compliant (MFA required) and the new record is non-compliant (MFA not required).  **Note here that while the risk delta could have regressed by a user no longer requiring MFA, they could still be enrolled, but the lack of requirement means they could also disable MFA, leaving a security risk.  This is why we chose to focus on MFA required vs enrollment, as MSP's typically are in control of enforcing the requirements
  • When a new user is added to the environment without MFA requirement, a notification will not be generated, as that is their baseline state.  This avoids unnecessary notifications for things like Service Accounts.


Testing Alerts


To help in configuring of email or PSA routing rules, it is possible to trigger a Test Alert for each alert type by going to your Alerts configuration page and selecting the specific Tenant.  Clicking the button will generate a test alert with fake data in the same format as a real alert.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.