Security Requirements and Controls

LogScale alerts and scheduled searches can be configured to trigger various actions to inform users or administrators of an issue. Different actions are available, for example to send an email or to copy a matching event to a new repository where it could be used as part of another dashboard. Triggers can be either Alerts or Scheduled Searches.

You can perform the following activities with actions:

  • Creating Actions

    Actions can be created from scratch, from a template that has previously been exported, or based on an action defined within an existing package.

  • Managing Actions

    From the main Actions page you can view, duplicate, export or delete actions from the repository.

There are several tools and incident management platforms that may be used to get notified of a potential problem or to bring a situation to someone's attention. LogScale currently supports the following action types:

  • Action Type: Email

    Sends an email using a template through email delivery services integrated with LogScale such as Postmark.

  • Action Type: Falcon LogScale Repository

    Forwards matching events to another repository within the cluster.

  • Action Type: OpsGenie

    You can integrate OpsGenie with LogScale so that triggered alerts can send emails, SMS messages, or other notifications.

  • Action Type: PagerDuty

    With this alternative service, notifications can be sent automatically by phone call, SMS, push notification and email. Which type of action is taken can be determined based on the alert triggered and other factors such as the severity of the alert, the day of the week or the time of day.

  • Action Type: Slack

    Slack is a popular internal chat system for many organizations. LogScale can be set to send messages to your company's Slack account, in the chat room of your choice.

  • Action Type: Upload File

    This action allows you to upload the trigger events as a CSV file in LogScale.

  • Action Type: VictorOps (Splunk On-Call)

    Another system for notifications with on-call scheduling, VictorOps can be invoked by an alert when it is triggered.

  • Action Type: Webhooks

    Performs an HTTP(S) request to any URL and can therefore be used to integrate third-party services. Using webhooks is the best method for supporting custom actions that are not supported by any of the built-in options.