Activity triggers
Enterprise edition
Activity unified interface and logging are available under the "OpenCTI Enterprise Edition" license.
Description
Having all the history in the user interface (events) is sometimes not enough to have a proactive monitoring. For this reason, you can configure some specific triggers to receive notifications on audit events. You can configure like personal triggers, lives one that will be sent directly or digest depending on your needs.
Configuration
In this type of trigger, you will need to configure various options:
- Notification target: user interface or email,
- Recipients: the recipient of the notification,
- Filters: a set of filters to get only events that really interest you.
Event structure
In order to correctly configure the filters, here's a definition of the event structure
-
Event type:
authentication- Event scopes:
loginandlogout
- Event scopes:
-
Event type:
read- Event scopes:
readandunauthorized
- Event scopes:
-
Event type:
file- Event scopes:
read,createanddelete
- Event scopes:
-
Event type:
mutation- Event scopes:
unauthorized,update,createanddelete
- Event scopes:
-
Event type:
command- Event scopes:
search,enrich,importandexport
- Event scopes: