
Demo Incident

Fluency Event Watch Rule

An Event Watch (behavior) rule is defined in Fluency.

Log in to the Fluency Cloud portal: https://(companyname).cloud.fluencysecurity.com.

Open the main drop-down menu and choose the Behavior Rules option under the EventWatch section.

The behavior rules are shown below:

For example, type "SyslogEventReceived" in the search bar to see the matching rule:

Syslog Test Event

A test event is injected into the system.

Open the main drop-down menu and choose the Events Search option under the Data Lake section.

Type @Behaviors:"SyslogEventReceived" in the search bar, and then you can see the corresponding test event, as shown below:

Behavior Alert

Fluency

A new alert is generated in Fluency for the above event.

Open the main drop-down menu and choose the Behavior Summary option under the EventWatch section.

In the search bar on the left, type in "SyslogEventReceived" and the behavior alert is shown.

PagerDuty

A corresponding alert is sent to PagerDuty for the same incident.

Resolution

Resolving the alert in PagerDuty provides a real-time update back to Fluency.

The alert now carries the Resolved status.

Page last updated: 2023 Aug 07 11:49:33 EDT