¶ Introduction
In today's digital landscape, protecting your organization's network is paramount. With Exium's Cybersecurity Mesh, you gain unparalleled visibility and control over your network security posture. By seamlessly integrating end-user devices and gateways into our robust security framework, Exium captures all critical log events while applying a comprehensive range of cybersecurity services.
From Web Gateway filtering to DNS Security, Firewall protection, and beyond, Exium's Cybersecurity Mesh ensures that every aspect of your network traffic is safeguarded against emerging threats. But security is more than just prevention – it's about staying vigilant and responsive to potential risks. That's where our Alert Types come into play.
Exium's Admin Console provides support for various types of alerts, each independently configurable to suit your organization's needs. Whether it's Threat Alerts, PM Alerts, Client Connection Status Alerts, Anomaly Detection Alerts, Gateway Connection Status Alerts, or Subscription Limit Notifications, Exium ensures that you're always informed about potential security events.
Our Threat Alerts, powered by Exium's Threat Intelligence platform, detect and block malicious URLs in real-time, leveraging updates from multiple threat sources to keep your network protected. Meanwhile, our PM Alerts provide insights into policy violations, allowing administrators to enforce granular security policies tailored to different user groups.
But alerts are only useful if they're actionable. That's why Exium's Alert Format ensures that every alert is prominently displayed in the Admin Console's Blocked Threats/Policies page. Additionally, alerts can be sent directly to your inbox via email or converted into PSA tickets for seamless integration with platforms like ConnectWise, Autotask, or Halo.
Navigating to the Exium Admin console Blocked Threats/Policies page is effortless, providing administrators with instant access to detailed insights and actionable options. Whether you're isolating users or adding allow policies, Exium's intuitive interface empowers you to respond effectively to security incidents.
¶ Maximize Protection with Exium's SASE Alerts
At Exium, we understand the importance of staying ahead of potential threats and keeping your network secure. That's why our Admin Console offers a comprehensive array of alert types, each designed to provide real-time notifications and insights into potential security risks. With the flexibility to configure alerts independently, you can tailor your monitoring strategy to meet your organization's unique needs.
|
No |
Alert Types and Integrations |
|---|---|
| 1 |
Cyber Threat Alerts
|
| 2 |
Policy Management (PM) Alerts
|
| 3 |
Client Connection Status Alerts
|
| 4 |
Client Installation Alerts
|
| 5 |
Subscription Limit Notification
|
Our Cyber Threats Alerts and Policy Management (PM) Alerts offer comprehensive insights into potential risks and ensure that your network remains secure at all times.
To view these Alert types on Exium Partner Portal, Follow below steps
- Navigate to the Partner Portal admin console
- Click on Alerts in the left menu bar as shown below
You can click on any type of Alerts and configure channel and other details as explained below.
- Click on Yes for Enable
- Click on Email or ConnectWise or Any Other PSA to which integration is enabled. More details about Email and ConnectWise channels is covered in later sections
- Enter Event Reporting Frequency value. This indicates the duration after which same event has to be reported again. The value is in minutes and default is 60mins.
- Click on Yes or No for Override. If Override is No, same settings gets applied for all the sub category of alerts. If it is Yes, Sub category settings override the main category settings.
More details about Email and ConnectWise channels is covered in later sections
¶ Cyber Threats Alerts
Exium's Threat Intelligence Platform (TIP) constantly monitors for malicious URLs, ensuring that any threats are promptly identified and blocked by our Cybersecurity Mesh. By leveraging data from various threat sources such as MISP feeds, OpenCTI, Blocklist, and Abuse.ch, our TIP platform updates the database in real-time, providing you with up-to-date protection against evolving threats. For more information about Threat Intelligence, please refer Threat Intelligence document.
To Manage the number of alerts, Exium puts the power of granular threat management by dividing the type of threats into 3 different severity levels
¶ Malicious/Malware/Phishing Threats Alerts - Critical Severity
All the websites and domains belonging to malicious, malware and phishing are categorised as critical severity. You can enable/disable these alerts based on the requirement.
¶ Spying/Crypto Mining/Piracy/Gambling Threats Alerts - High Severity
All the websites and domains belonging to spying, crypto mining, piracy and gambling are categorised as high severity. You can enable/disable these alerts based on the requirement.
¶ Ads/Trackers/Metrics Threats Alerts - Medium Severity
All the websites and domains belonging to Ads, trackers and metrics are categorised as medium severity. You can enable/disable these alerts based on the requirement.
¶ Granular level Sub category settings
To override settings at sub category level or to disable few sub categories, Click on Threats Alerts on Alerts table and Click on Override Yes on main category, then make the settings at individual sub category level as shown below.
¶ Policy Management (PM) Alerts
Exium's Policy Management (PM) Alerts provide a powerful toolset for administrators to enforce robust security policies tailored to their organization's needs. With features like Web Category Filtering, Web Domain Filtering, and Firewall capabilities, Exium puts the power of granular policy management in your hands.
¶ Web Category Filtering
Exium's Cybersecurity Mesh allows administrators to block access to specific URLs based on predefined Web Category policies. With support for all high-level IAB categories and select subcategories, Exium enables administrators to effectively control user access to web content. Tailor your policies to different user groups and ensure a secure browsing experience for all. More Information about Web Category Filtering here
¶ Web Domain Filtering
Take control of your organization's web access with Exium's Web Domain Filtering capabilities. Block access to specific URLs, domains, or applications that pose security risks, all with the flexibility to define different policies for different user groups. With Exium, you have the power to safeguard your network from malicious web content effectively. For more information about Web Domain Filtering, please refer Web and SaaS Security document.
¶ Firewall
Exium's Firewall capabilities allow administrators to block access to specific IP addresses and ports, adding an additional layer of defense against cyber threats. Define custom firewall policies for different user groups, ensuring that your network remains secure from unauthorized access. With Exium, you can confidently protect your organization's assets from external threats. For more information about Firewalls, please refer Zero Trust Firewalls document.
¶ Ingress GeoLocation IP
Geolocation IP policies are a crucial component of modern cybersecurity strategies, providing organizations with the means to enhance their network security, compliance, and user experience. By leveraging geolocation data associated with IP addresses, businesses can implement targeted policies to control access, mitigate security threats, and ensure regulatory compliance. For more information about Ingress GeoLocation IP Policies, please refer Ingress GeoLocation Policies document.
¶ Egress GeoLocation IP
Geolocation IP policies are a crucial component of modern cybersecurity strategies, providing organizations with the means to enhance their network security, compliance, and user experience. By leveraging geolocation data associated with IP addresses, businesses can implement targeted policies to control access, mitigate security threats, and ensure regulatory compliance. For more information about Egress GeoLocation IP Policies, please refer Egress GeoLocation Policies document.
¶ Egress GeoLocation Domains
Egress Geolocation Domains blocks all the websites originated or hosted from a country. This is done based on the suffix from that country ccTLDs.
¶ Granular level Sub category settings
To override settings at sub category level or to disable few sub categories, Click on PM Alerts on Alerts table and Click on Override Yes on main category, then make the settings at individual sub category level as shown below.
¶ Efficient Alert Management with Exium
Stay on top of security threats with Exium's comprehensive alert management system. Alerts are seamlessly integrated into the Admin Console's Blocked Threats/Policies page, providing administrators with instant access to critical information. Customise your alert preferences to receive notifications via email or as PSA tickets (Connectwise PSA, Autotask or Halo PSA), ensuring that you never miss an important security event.
¶ Exium Admin Console
All the alerts by default captured and available on Exium end company Admin Console as Blocked Threats/Policies Page. You can access the Blocked Threats/Policies page in the Exium Admin Console by navigating to the SASE Dashboards and clicking on Blocked/Threats Policies. Here, you'll find detailed insights into security events and actionable options such as isolating users and adding allow policies.
To view Blocked Threats/Policies on Exium Admin Console, Follow below steps
- Navigate to the Service Portal admin console
- Click on SASE Dashboards in the left menu bar and Click on Blocked/Threats Policies as shown below
For taking actions on an alert, you can goto actions column and click on corresponding action. For example, if you want to create Allow Policy, click on Add Allow Policy action for an event and select the level (User, Group or Workspace) where the allow policy to be added and click on Submit as shown below.
¶ Mail Channel
Opt to receive alerts via email by configuring your alert settings in the Admin Console. To configure Mail as channel on Exium Partner Portal, Follow below steps
- Navigate to the Partner Portal admin console
- Click on Alerts in the left menu bar as shown below
- Click on a particular Alert Type. On right side popup, you can select the Channel as Email.
- Enter Email to where all alerts shall go and change Enable to Yes. Click on Update as shown below.
The configured email will start receiving all alerts in the form of mails. Sample mail as shown below.
¶ PSA Channel - ConnectWise
For seamless incident management, integrate Exium with ConnectWise or other PSA platforms. Alerts can be automatically converted into tickets, streamlining your response process and ensuring that security incidents are addressed promptly. Access this feature by navigating to the Blocked Threats/Policies page under SASE Dashboards.To configure Mail as channel on Exium Partner Portal, Follow below steps
- Navigate to the Partner Portal admin console
- Click on Alerts in the left menu bar as shown below
- Click on a particular Alert Type. On right side popup, you can select the Channel as ConnectWise.
- Change Enable to Yes. Select Default Service Board, Default Status and Default Priority and then click Update as shown below.
The ConnectWise PSA account will start receiving all alerts in the form of PSA tickets. Sample ticket content as shown below.
Experience the Exium advantage and take your cybersecurity strategy to new heights. With Exium, you're not just protected – you're empowered. To learn more about implementing SASE for your organization and explore tailored solutions that meet your unique requirements, contact Exium at hello@exium.net for a consultation or demonstration.