Reblaze Part of Link11
v5
v5v2.20.4v2.20.2v2.20v2.18v2.16v2.14v2.12v2 Release NotesMobile SDK v2.3.0Mobile SDK v2.2.x
v5
v5v2.20.4v2.20.2v2.20v2.18v2.16v2.14v2.12v2 Release NotesMobile SDK v2.3.0Mobile SDK v2.2.x
  • Reblaze Documentation
  • Release Notes
  • Known Issues
  • User Guide
    • Introduction to Link11 WAAP
  • How Link11 WAAP Works
    • Traffic Filtering Process
    • Traffic Reporting and Analytics
    • Policy Mapping and Traffic Routing
    • Tagging
    • UI Overview and Common Elements
  • Console UI Walkthrough
    • Analytics
      • Dashboard
      • Events Log
    • Security
      • Global Filters
      • Flow Control Policies
      • Security Policies
      • Rate Limit Rules
      • ACL Profiles
      • Actions
      • Dynamic Rules
      • Quarantined
      • Content Filter
        • Content Filter Profiles
        • Content Filter Rules
    • Sites
      • Server Groups
      • Proxy Templates
      • Mobile Application Groups
      • Backend Services
      • Edge Functions
      • DNS Records
      • SSL
        • Load Balancers
        • Certificates
    • System
      • Interactive Challenge
      • SSO Configuration
      • Purge CDN Cache
      • Users Management
      • Security Alerts
      • Log Exporters
      • Version Control
      • System DB
      • Publish Changes
    • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Authenticate mobile app users
      • Ban, unban, and allowlist traffic sources
      • Bypass Link11 WAAP for loadtesting or other purposes
      • Configure a new path/section of a site
      • Control caching behavior
      • Enable GraphQL traffic
      • Enable mTLS (mutual TLS)
      • Protect sensitive information in logs and analytics
      • Quickly block an attacker
      • Redirect or block HTTP traffic
      • Run custom code
      • Set rate limits and exemptions
      • Stream event data to a SIEM solution or other destination
    • The Link11 WAAP API
      • Overview
      • Internal data structures
      • Using Swagger UI
      • Using curl
  • Reference Information
    • Acronyms
    • API
      • API access to traffic data
      • Types of namespaces
      • Namespace reference
        • ACL Profiles
        • Actions
        • Backend Services
        • Certificates
        • Configs
        • Content Filter Profiles
        • Content Filter Rules
        • Data queries
        • Dynamic Rules
        • Edge Functions
        • Flow Control Policies
        • Global Filters
        • Load Balancers
        • Log Exporters
        • Mobile Application Groups
        • Planets
        • Proxy Templates
        • Rate Limit Rules
        • Security Alerts
        • Security Policies
        • Server Groups
        • Tags
        • Tools
        • Users
    • Hostile Bot Detection / LWCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Log Exporter Output
    • Pattern Matching Syntax
    • Query Filter Syntax and Best Practices
  • Support
Powered by GitBook
On this page
  • Overview
  • Usage within applications and APIs
  • Administration
  • Parameters
  • Name
  • Server Groups
  • Alert recipients
  • Dynamic Rules

Was this helpful?

Export as PDF
  1. Console UI Walkthrough
  2. System

Security Alerts

PreviousUsers ManagementNextLog Exporters

Last updated 1 day ago

Was this helpful?

Overview

Security Alerts allow admins to configure email alerts to be sent when Dynamic Rules are triggered.

Usage within applications and APIs

Security Alerts operate at the system level. They can be defined for individual Server Groups, or for multiple Server Groups simultaneously. When any of the specified Dynamic Rules is triggered for any of the specified Server Groups, an email alert will be sent to the designated recipient(s).

Each email alert includes:

  • The Dynamic Rule that was triggered: its name, description, "Limit" (a combination of the Rule's Number of events and Time frame), and "Type" (which corresponds to the Rule's Target setting)

  • A list of the violators of that Rule

In the email alerts, a Dynamic Rule enforcing limits on IP addresses will not be described as Type: IP; rather, the email body will say Type: remote_addr.

Administration

The main window (shown above) lists all currently defined Security Alerts.

The administration (addition/deletion/editing/versioning) of these Alerts follows the conventions described here.

Parameters

Name

The name of this Security Alert, for use within the interface.

Server Groups

The Server Group(s) for which this Security Alert will be active.

Alert recipients

One or more recipients (specified as email addresses, separated by commas) to receive alerts when any of the listed Dynamic Rules are triggered.

Dynamic Rules

One or more Dynamic Rules which will, when violated, trigger the sending of email alerts to the specified recipients.

When adding Dynamic Rules to a Security Alert, ensure that each Rule is in "active mode". Rules that are inactive will not trigger Security Alerts.