How to create new alerts
CYBERQUEST alerting is highly customizable per user. Alerts can be defined to respond to specific events, improving accuracy and reducing false positives.
Follow these steps to create a new alert:
Step 1. Authentication
To access the web interface, open a browser and enter the application's IP address or DNS name. The default address initially assigned to the web interface is https://CyberquestIPAddress (example).
The browser automatically redirects to CYBERQUEST's authentication page:

Step 2. Navigate to Alerts
From Settings, select Alerts > Realtime. The Realtime page opens.

Step 3. Create new alert definition
On the Alerts page, click Create new alert definition to create a new alert.

Step 4. Complete the form
Complete the form and click "Save Alert & Exit":

- Alert Name: Name of the new alert.
- Alert Active: Select ALERT ACTIVE to enable the alert; clear it to disable the alert.
- Time Frame TTL (sec): Duration the alert remains active after triggering.
- Alert Security Score: Reference score used for dynamic scoring. The real-time score adjusts between this value and 100, depending on rules and event volume.
- Alert Security Level: Behaves similarly to the score and uses the same color coding.
- Sent as Alert: When cleared, the alert remains active but produces no user-visible notification. Use this for backend correlation across events, triggers, and alerts.
- Has Action: Enable to associate a script that is executed when the alert triggers. Click Actions Parameters to open the Script Editor and define the action.
- Send via Email: Enable to send the alert to defined recipients.
- Notification Template: Select a built-in or custom template. Default is "Default notification".

Under Rules, define logic using field, report, and correlation conditions joined by AND, OR, and NOT. This supports single-event rules and complex correlations (event order, or missing events in a sequence).
- Previous / Next: Navigate between rule conditions.
- Add Rule: Adds a new rule. Configure it in the Rule Settings pane.

Rule Settings defines rule logic:
- Description: Text describing the rule.
- Add field condition: Select an event field, a value operator, and a value.
- Add report condition: Select a report from existing reports.
- Delete: Removes the condition.

When a condition is added, AND is the default operator; toggle to OR as needed. Enable NOT to negate a condition when required.