Security Event
When a rule is triggered, a security event is generated by the Waratek Agent and sent to the Portal for visibility and investigation.
Security events provide key runtime details such as:
- Date and time
- Application and agent
- Mod and rule name
- Rule type and severity
- Trigger details
These details help you monitor rule activity and investigate potential attacks using the Events and Advanced Search pages in the Portal.
Logging
A custom message can be provided for the security event. This value is included in the generated event as one of its extension fields, which makes it easier to identify and filter the triggers of a specific rule. If left blank, a default message is used.
Severity
In the Rule Wizard, you can assign a custom severity level to the event: Low, Medium, High or Critical. A severity level is required, and no default value is selected.
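As an added example that is not Waratek's own code: the page calls the custom message an extension field but does not show the raw event layout, so the CEF-style layout, the extension keys (rt, app, mod, ruleName, msg) and the sample events below are constructed. The block parses such events and filters them by severity and by the custom message, the kind of triage an investigator does before turning to Advanced Search.

```python
# Added example, not Waratek's code. ASSUMPTION: events are CEF-like
# ("header|fields|...|extension key=value ..."); key names are constructed.
import re

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample events (two rule triggers from the same application).
SAMPLE_EVENTS = [
    "CEF:0|Waratek|Agent|1.0|sqli-rule|SQL injection rule triggered|High|"
    "rt=2024-05-01T10:00:00Z app=orders mod=sqli ruleName=block-sqli "
    "msg=custom: suspicious ORDER BY",
    "CEF:0|Waratek|Agent|1.0|path-rule|Path traversal rule triggered|Low|"
    "rt=2024-05-01T10:00:05Z app=orders mod=filesystem ruleName=deny-etc "
    "msg=custom: file read outside app root",
]

# key=value pairs; a value runs until the next " key=" or the end of line.
_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")


def parse_event(line):
    """Split a CEF-style line into its seven header fields plus extensions."""
    # Header fields are '|'-separated; a literal '|' inside one is written '\|'.
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF-style event: %r" % line)
    _version, vendor, product, agent_version, rule_id, name, severity, ext = parts
    extensions = {}
    for key, value in _EXT_RE.findall(ext):
        # Extension values escape '=' and '\' with a backslash; undo that.
        extensions[key] = value.replace("\\=", "=").replace("\\\\", "\\")
    return {
        "vendor": vendor.replace("\\|", "|"),
        "product": product,
        "agent_version": agent_version,
        "rule_id": rule_id,
        "name": name.replace("\\|", "|"),
        "severity": severity,
        "ext": extensions,
    }


def select_events(lines, min_severity="Medium", message_substring=None):
    """Return events at or above min_severity whose custom message (extension
    key 'msg', constructed here) contains message_substring, when given."""
    selected = []
    for line in lines:
        event = parse_event(line)
        if SEVERITY_RANK.get(event["severity"], 0) < SEVERITY_RANK[min_severity]:
            continue  # unknown severities rank lowest and are dropped
        if message_substring and message_substring not in event["ext"].get("msg", ""):
            continue
        selected.append(event)
    return selected
```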
Disable Logging
The Disable Logging toggle is available in the Advanced Options section of supported rules in the Rule Wizard. If this option is selected, no security event is logged when the rule triggers, and the event will not appear in the Portal.
The Disable Logging toggle is disabled (greyed out) when the rule action is set to Detect.