
Built in Automatic Alerts

CYBERQUEST's built-in automatic alerts provide continuous monitoring and real-time notifications when potential security threats are detected within your infrastructure. These alerts leverage threat intelligence feeds and predefined security rules to identify suspicious activities, enabling security teams to respond quickly to potential incidents.

Accessing Alert Settings

To configure and manage built-in automatic alerts in the CYBERQUEST web interface, navigate to Settings in the main menu, select Applications, then click on Alert Settings.


In the Alert Settings interface, the alerts can be enabled, disabled, and configured based on the organization's security requirements.


  • Alerts_Blacklisted_IPs - This alert monitors communications with known malicious IP addresses and provides two distinct detection mechanisms:
      • IP Match: Triggered in real time when network traffic is detected to or from an IP address that matches an entry in your blacklisted IPs database. This immediate alerting helps identify active communication with known threat actors.
      • Backwards IPMatch: When new IP addresses are added to your blacklist, this feature automatically checks historical data from the last 30 days to identify any previous communications with these now-blacklisted IPs. This retrospective analysis helps uncover previously unknown connections to malicious infrastructure.

  • Alerts_Blacklisted_Users - This alert monitors user activities against a list of blacklisted user accounts, triggering notifications when activity is detected from accounts that have been flagged as compromised or malicious.

CQ TI IPMatch

The CQ TI IPMatch alert is a real-time detection mechanism that triggers when network traffic is detected to or from IP addresses identified as malicious in the CYBERQUEST Threat Intelligence feed. This alert provides immediate notification of potential security incidents by monitoring all network communications against the continuously updated CQ Threat Intelligence database.

CQ TI Backwards IPMatch

The CQ TI Backwards IPMatch alert provides retrospective threat detection by automatically checking historical network data when new IP addresses are added to the threat intelligence database. This feature ensures that previously undetected communications with newly identified malicious IPs are brought to your attention.
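As an added illustration (not CYBERQUEST's own code; the page does not show its internals), the following Python sketch models the two mechanisms described under Alerts_Blacklisted_IPs and CQ TI IPMatch / Backwards IPMatch: a real-time match on either endpoint of an event, and a retrospective scan over the 30-day window when new entries join the blacklist. The event records, field names and IP addresses are constructed for the example.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

LOOKBACK = timedelta(days=30)  # retrospective window stated in the alert description

# Constructed sample events (hypothetical fields): timestamp, source IP, destination IP
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "src": "10.0.0.5", "dst": "203.0.113.10"},
    {"ts": "2024-05-20T08:30:00", "src": "198.51.100.7", "dst": "10.0.0.9"},
    {"ts": "2024-06-02T12:00:00", "src": "10.0.0.5", "dst": "192.0.2.44"},
]


def normalize(ip):
    """Canonical string form so '2001:0db8::1' and '2001:db8::1' compare equal."""
    return str(ip_address(ip))


def ip_match(event, blacklist):
    """Real-time check: return the blacklisted endpoints of one event (either direction)."""
    wanted = {normalize(b) for b in blacklist}
    hits = {normalize(e) for e in (event["src"], event["dst"]) if normalize(e) in wanted}
    return sorted(hits)


def backwards_ip_match(history, new_ips, now, lookback=LOOKBACK):
    """Retrospective check run when new IPs join the blacklist: scan stored events
    inside the lookback window for earlier contact with the newly added entries."""
    cutoff = now - lookback
    alerts = []
    for ev in history:
        ts = datetime.fromisoformat(ev["ts"])
        if ts < cutoff or ts > now:  # outside the 30-day window, or clock skew
            continue
        for hit in ip_match(ev, new_ips):
            alerts.append({"ts": ev["ts"], "ip": hit, "src": ev["src"], "dst": ev["dst"]})
    return alerts


if __name__ == "__main__":
    # Real-time path: a new event arrives and is checked against the current list
    print(ip_match(EVENTS[2], {"192.0.2.44"}))
    # Retrospective path: two IPs are added on 2024-06-05, so only events since
    # 2024-05-06 are re-examined; the May 1 contact falls outside the window
    now = datetime(2024, 6, 5)
    print(backwards_ip_match(EVENTS, {"203.0.113.10", "198.51.100.7"}, now))
```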

Batch Fields Checker

The Batch Fields Checker is a powerful tool that allows security analysts to perform bulk validation of potential threat indicators against CYBERQUEST's data stores. This feature is particularly useful for analyzing large lists of suspected malicious entities without manually checking each one.

To use the Batch Fields Checker for uploading a text file and running a batch check of selected fields (such as a list of malicious IPs), please follow the link: Batch fields checker.

CQ TI Domain Match

The CQ TI Domain Match alert monitors network activity for communications with domains identified as malicious in the CYBERQUEST Threat Intelligence feed. This alert is triggered whenever an event occurs that involves a domain listed in the BlackListDomains database.