
Forwarding

The Forwarding feature in Netalert NDR enables the transmission of security alerts to external systems via Syslog for centralized monitoring and analysis. This ensures that detected threats and security events are efficiently relayed to SIEMs, log management tools, or other security platforms for further processing.

Key Configuration Parameters

  • Alerts - administrators select the specific types of alerts to forward from a dropdown list. This list covers a wide range of alert categories and can be narrowed to the organization's monitoring needs. All alerts generated by the application, which are viewable and searchable, are summarized under the following link: Types of Alerts.

  • Protocol - specifies the communication protocol used to forward alerts from Netalert NDR to external systems. In this example, the protocol is set to UDP.

  • Destination Servers - specify the destination server's IP address and the port to which the alerts will be sent. Typically, this is the server's IP and the standard port (e.g., port 514 for Syslog).

  • Impacts - allows administrators to specify which impact levels of security alerts should be forwarded. An impact describes the severity or potential consequence of an alert and helps prioritize the urgency of the forwarded data. The available impact levels are:

    • LOW: minor alerts with minimal or no immediate impact on the network or systems.

    • MEDIUM: alerts that require attention but may not immediately disrupt operations.

    • HIGH: more serious alerts that could affect system performance or security.

    • CRITICAL: the most severe alerts, often signifying a major security threat or breach that requires immediate action.

  • Active Flag - a binary setting (active or inactive) that determines whether the forwarding mechanism is currently enabled. If set to active, alerts are continuously forwarded to the configured destination.

  • Severities - allows administrators to filter and select the specific severity levels of alerts to be forwarded. Severities are numerical values from 0 to 9, each corresponding to the urgency or criticality of the alert. Severity levels are typically used to prioritize alerts based on their potential impact on the system or network.
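To make the interplay of these parameters concrete, the following added example (not Netalert NDR's own code) models a forwarding configuration with the fields above, applies the Active Flag, Alerts, Impacts and Severities filters to an alert, and emits the result as an RFC 5424 Syslog line over UDP to every destination server. The field names, the mapping from impact levels to Syslog severity codes, and the use of the security facility (4) are assumptions, not documented product behaviour.

```python
import json
import socket
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed mapping from the page's impact levels to RFC 5424 syslog severity codes.
IMPACT_TO_SYSLOG_SEV = {"LOW": 6, "MEDIUM": 4, "HIGH": 3, "CRITICAL": 2}
SYSLOG_FACILITY = 4  # security/authorization messages; an assumption

@dataclass
class ForwardingConfig:
    """Mirrors the parameters described on this page; field names are assumptions."""
    active: bool = True                                      # Active Flag
    protocol: str = "UDP"                                    # Protocol
    destination_servers: list = field(default_factory=list)  # Destination Servers: [(ip, port), ...]
    alerts: set = field(default_factory=set)                 # Alerts: types to forward; empty = all
    impacts: set = field(default_factory=lambda: set(IMPACT_TO_SYSLOG_SEV))  # Impacts
    severities: set = field(default_factory=lambda: set(range(10)))          # Severities 0-9

def should_forward(alert: dict, cfg: ForwardingConfig) -> bool:
    """Apply the Active Flag, Alerts, Impacts and Severities filters to one alert."""
    if not cfg.active:
        return False
    if cfg.alerts and alert["type"] not in cfg.alerts:
        return False
    if alert["impact"] not in cfg.impacts:
        return False
    sev = alert["severity"]
    return isinstance(sev, int) and 0 <= sev <= 9 and sev in cfg.severities

def build_syslog_message(alert: dict, hostname: str = "netalert-ndr") -> str:
    """Render one RFC 5424 line: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG, PRI = facility*8 + severity."""
    pri = SYSLOG_FACILITY * 8 + IMPACT_TO_SYSLOG_SEV[alert["impact"]]
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} netalert - - - {json.dumps(alert, sort_keys=True)}"

def forward(alert: dict, cfg: ForwardingConfig) -> int:
    """Send one alert to every destination server over UDP; returns the number of datagrams sent."""
    if not should_forward(alert, cfg):
        return 0
    if cfg.protocol.upper() != "UDP":
        raise ValueError("this example only implements the UDP protocol shown on the page")
    data = build_syslog_message(alert).encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for host, port in cfg.destination_servers:
            sock.sendto(data, (host, port))
    return len(cfg.destination_servers)
```

Plain UDP Syslog gives neither delivery confirmation nor confidentiality, so a receiver-side check (e.g. counting forwarded alerts in the SIEM against those shown in the console) is the practical way to confirm the filters are set as intended.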