1. Overview
  2. Configuring response actions
  3. Configuring alerts

Configuring alerts

Alerts notify users when SSH access events occur on systems. These notifications track connection attempts, logins, and potential security events based on configured parameters. Alerts can be set up to monitor specific usernames, IP addresses, failed login attempts, and security risk assessments. When triggered, the system sends notifications through email or webhooks, providing information about the detected SSH activity. This monitoring functionality informs administrators about SSH events that may require review according to established security protocols.

Plan Requirements

Custom alerts are available exclusively to Pro and Enterprise plan subscribers. This feature helps you stay informed about important SSH activities on your servers.

Alert Types Available

Login-Based Alerts

  • Login User: Track attempts by specific usernames
  • Successful Login User: Monitor successful logins for particular accounts
  • Failed Attempts: Get notified when failed login attempts exceed a threshold
  • IP Address: Watch for connections from specific IP addresses
  • Server ID: Monitor activity on particular servers
  • Security Rating: Alerts based on risk assessment levels

Setting Up Alert Rules

Creating a New Alert

  1. Select Monitoring Field:
    • Choose what to monitor (login user, IP address, etc.)
    • The condition options will update based on your selection
  2. Choose Condition:
    • For text fields (usernames, IPs, servers):
      • equals
      • does not equal
      • contains
      • starts with
      • ends with
    • For numeric fields (failed attempts):
      • equals
      • does not equal
      • is higher than
      • is lower than
  3. Enter Alert Value:
    • Specify the exact value to trigger the alert
    • Case-sensitive for text matches
    • Numeric values for failed attempts
  4. Select Notification Method:
    • Email only
    • Webhook only (requires webhook configuration)
    • Both email and webhook

Notification Options

Email notifications are available by default and deliver event details to your registered address. Webhook notifications, which send structured data to external systems, require prior configuration in system settings before appearing as an option in the alert builder. You must set up at least one webhook endpoint before this delivery method becomes available. Both notification methods can be used independently or together to monitor SSH access events.

Email Notifications

  • Sent to your registered email address
  • Include detailed event information
  • Provide direct dashboard links
  • Available to all Pro/Enterprise users

Webhook Notifications

  • Requires webhook configuration
  • Send alerts to external systems
  • Customizable payload format
  • Ideal for integration with other tools

Managing Alert Rules

Viewing Current Rules

  • All active rules are listed in the Alerts tab
  • Each rule shows complete configuration
  • Notification method is indicated
  • Rules are always active

Deleting Rules

  • Click the delete (trash) icon next to any rule
  • Confirmation required before deletion
  • Takes effect immediately
  • No undo option available
Was this article helpful?