As with email notifications, you can receive notifications through Slack and Microsoft Teams. Enable this in the Settings section under Integration, where you paste the webhook URL for the desired service (Microsoft Teams or Slack) and activate it to receive notifications via real-time messaging.
1. Slack setup instructions (Microsoft Teams is almost the same)
Install the incoming webhook on your Slack:
- Go to Apps
- Go to View App directory
- Search for incoming-webhook
- Go to Add Configuration
- Post to Channel: choose the channel/group where the notifications should be sent.
- Click Add Incoming WebHooks Integration
- Go to Customize Name: add a name, e.g. ACSIA Notifier
- Copy the WebHook URL
Configure on ACSIA UI:
- Access the Web UI
- Go to Settings -> Integration
- Activate Slack or Microsoft Teams
- Paste the copied URL
An example of email and Slack notification is shown below:
As shown in the above screenshot, we have received a notification about a successful login by user acsia on our pre-production server. In this case a legitimate user has logged in, but ACSIA has rightly flagged the login as a potential account compromise.
This user and location will become legitimate for ACSIA only if we authorize the user with the associated location as legitimate. The ACSIA administrator needs to train the ACSIA machine learning module regarding legitimate accesses like this. Once authorized by an Administrator, ACSIA will know about that user pattern and will no longer send a notification (unless the account is compromised).
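Because anyone who holds the webhook URL can post to the channel, it is worth checking the copied value before pasting it into Settings -> Integration. The following is an added example, not part of ACSIA or its documentation; the allowed host names, the function names and the sample URL are assumptions made for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Assumption: hosts that serve Slack and Microsoft Teams incoming webhooks.
EXACT_HOSTS = {"hooks.slack.com"}
SUFFIX_HOSTS = (".webhook.office.com",)
# Constructed placeholder, not a real webhook.
SAMPLE = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXX"


def check_webhook_url(url):
    """Return a list of problems; an empty list means the URL looks sane."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username or parts.password:
        problems.append("embedded credentials")
    if host not in EXACT_HOSTS and not host.endswith(SUFFIX_HOSTS):
        problems.append("unexpected host: " + host)
    if not parts.path.strip("/"):
        problems.append("missing token path")
    return problems


def redact(url):
    """The URL acts as a credential: log only its scheme and host."""
    parts = urlsplit(url.strip())
    return f"{parts.scheme}://{parts.hostname}/<redacted>"


def build_test_request(url, text="ACSIA Notifier test message"):
    """Slack accepts a JSON body with a 'text' field; assumed for Teams too."""
    body = json.dumps({"text": text}).encode("utf-8")
    headers = {"Content-Type": "application/json"}
    return urllib.request.Request(url.strip(), data=body, headers=headers, method="POST")


def send_test(url):
    """Post one test message; refuses URLs that fail the checks above."""
    problems = check_webhook_url(url)
    if problems:
        raise ValueError(f"{redact(url)}: {', '.join(problems)}")
    with urllib.request.urlopen(build_test_request(url), timeout=10) as resp:
        return resp.status
```

Calling `send_test()` with the real URL should make a test message appear in the channel chosen under Post to Channel.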
2. Bitdefender Integration
Bitdefender prevents and detects malware infections. This new feature allows ACSIA to deploy Bitdefender on hosts automatically and orchestrate detection.
To enable this integration, you will need to buy an additional license. Once Bitdefender has been integrated, it cannot be applied to agents that have already been deployed. You need to uninstall the agent, reinstall it, and then you can activate the antivirus.
3. Amazon AWS Elastic Beanstalk Integration
ACSIA comes with the AWS Elastic Beanstalk Integration feature to monitor applications running within Elastic Beanstalk.
If you have applications running on Elastic Beanstalk and you want ACSIA to monitor and protect them, run the following command in the terminal: acsia_adapter_beanstalk.py
You will be prompted to provide the following information from your AWS environment:
- AWS Access Key ID (IAM User)
- AWS Secret Access Key (IAM User secret)
- Default region name (Region where Beanstalk is located)
- Default output format: (can be JSON or text, but JSON is preferred)
- ACL (Network access control list ID in Beanstalk VPC)
After the above deployment, you will be given an IP address (internal/private IP). The IP address can be retrieved later by running the command: acsia_adapter_ip.sh.
Log on to the ACSIA Web UI Console and add the Linux host using the IP address provided earlier (Getting Started->Start->Linux).
Note that some alerts or warnings about the configuration may be displayed when configuring services. Please take note of these and contact your internal support function for help. If they can't be resolved, please contact ACSIA support. These notifications do not generally affect the monitoring function of ACSIA but should be investigated.
To complete the Elastic Beanstalk deployment, make sure to include the acsia.config file provided in your Elastic Beanstalk application startup pack (Kickstarter package).
After completing all the above steps, log in to a new command-line session on the ACSIA server and restart ACSIA by running the acsia_restart command. This makes sure ACSIA picks up all changes and configuration files.