Actions
Log in to the Fluency Cloud portal: https://(companyname).cloud.fluencysecurity.com.
Open the Main Menu from the upper left-hand corner and choose the API Actions option under the EventWatch section.
The following page displays the behavior actions. The actions page lets you set up an automatic workflow that runs when behavior models are triggered. Behavior actions define what should be performed when a certain behavior alert is triggered, and they can be assigned to specific behavior models to specify when alerts should be forwarded to any desired users. Actions can be defined for multiple behavior models, and multiple actions can be defined for a set of behavior models.
Click the pencil button on the right side of each action if you'd like to edit it.
Click the "+ ACTION" button in the upper right corner of the list to add a new behavior event action in the pop-up window.
The first field in this form is a name to describe what the action does. Next, select the behavior model(s) that this behavior action should apply to. Next, select the actions you want to apply to the behavior model(s). Lastly, select any desired lambdas. Lambdas can be used to perform more complex functions on an action.
The second tab lists API/endpoint information. You can also configure a new action API by clicking the "+API CONFIG" button on the right side.
API configurations allow you to define an action. For example, an action with actor type “Email” will send an email to specified users when something occurs. An action with actor type “Slack” will send a Slack message to a specified channel when something occurs.
Above is an example of a “Notification” actor type. These are the default settings that appear when you select the "Notification" action type from the drop-down menu. The default name is “Notification-Default.” If desired, select an "Actor Name".
Back on the API Actions page, there is a button called "Manage actors" in the upper right corner. In the pop-up window, you can delete actors from the list by clicking the trash button.
To add an actor instead, click the "+ OPTIONS" button in the upper right corner to open a drop-down menu listing all the available actors. Actors are external systems that can receive Fluency alerts and tickets. For some of these systems, Fluency is able to sync the status of tickets so that when tickets are closed or acknowledged on those sites, they are also closed or acknowledged on Fluency, or vice versa. Fluency currently supports PagerDuty, Slack, SentinelOne, and Peplink integration.
Example: PagerDuty
Page last updated: 2023 Aug 11