Replies: 1 comment
You have to do this manually from the CLI. Your rules will go into |
Hi,
While the Alert interface is a perfect tool for getting an almost real-time view into what's happening attackwise, you need to be sitting in front of your screen to get notified ;-)
In order to get notifications while AFK, I'm looking for a way to send out email notifications for types of alerts. So for example getting email notifications for suricata "high" alerts or notifications for a certain suricata SID.
While I understand that this seems to be a "Pro" feature (https://docs.securityonion.net/en/2.4/notifications.html#notifications) going to a Pro license doesn't make sense in my context, since we don't need all the other features of Pro like OpenID connect, Kafka, FIPS, STIG etc.
Is there any way to get email notifications for suricata alerts without a Pro license? Has anybody out there got that running? Please note that I'm running S.O. 2.4.100, so the old "Playbook"-feature is no longer available.
Thanks much in advance for any clue.