You can receive alerts through several outbound integration services.
Email alerts send notifications to designated email addresses when findings are detected. Alerts can be configured for specific criteria (rules, cloud accounts, and so on). You can add multiple email addresses to a single alert.
Jira Cloud alerts are associated with an existing Jira integration and automatically create issues for any rules violation that fits specified criteria. For example, you can configure an alert to create a Jira issue for any rule with high severity on specific cloud accounts.
Slack alerts send notifications to a designated slack channel when findings are detected. You can add only one slack integration and channel per alert.
Splunk alerts can send information about security findings to your Splunk instance, where they are integrated into Splunk-based reporting tools and metrics.
Amazon SQS alerts allow you to send notifications to an SQS queue for events like security findings, where they can serve as triggers for other programmatic actions. For example, an SQS alert that detects an instance running on an insecure network could trigger the automatic shutdown of the instance.
Webhook alerts send security findings in JSON format to an assigned URL. You can use webhook alerts to transmit findings to any third-party software that lacks a native integration with CloudHealth Secure State.
Follow these steps to set up an alert for a cloud account and service of your choice.
From the dashboard, navigate to Actions > Alerts.
Select New Alert.
Enter a Name for your alert.
For Integration, select the service you want to receive alerts through, then the specific integration you want to use.
Note: For email alerts, there is another option to select either real time or summary notification. Real time sends an email to you immediately when the alert is triggered, while summary sends you a digest version at hourly, daily, or custom intervals.
Click Next, then select the cloud accounts you want to receive alerts from. You can choose multiple cloud accounts or leave All Cloud Accounts selected to include everything in your current scope.
Click Next, then review the information provided before creating your alert. Click the Enable toggle to activate the alert immediately upon creation.
You can review your alerts from the dashboard Actions > Alerts. To change an existing alert, select it from the list, select Edit Alert and make any desired changes (like adding or removing cloud accounts).
To copy an alert, select it from the list and click Clone Alert. This is useful when creating similar alerts in bulk.
You can disable an active alert by clicking the Enable toggle next to it. Disabled alerts stop monitoring cloud accounts for security findings and don't send any notifications.
To delete an alert, select it and click Delete Alert. This is the only action you can perform while multiple alerts are selected. Deleted alerts are not recoverable.