search close

Making Security Visible

access_time Updated Jun 20, 2021

The teams that we’ve seen most successful with Signal Sciences are the ones that share their security data with the developers and operations engineers responsible for their web applications. Now that you’ve successfully verified that data is being sent to Signal Sciences and blocking mode is working, here are some ways that you can share that data with your wider organization:

  1. Setting up the Monitor View on a TV
  2. Inviting members as Observers
  3. Setting up integrations

Setting up the Monitor View on a TV

We’ve found that one of the best ways to get other teams interested in security is by putting up security dashboards on a TV. You can do this easily by using our read-only URL on the Monitor View page.

The Monitor View will reflect the Overview page as you’ve customized it. In the default grid view, the Monitor will simultaneously show up to the first six cards on the Overview page. Users can customize the cards and their arrangement from the Overview page. In the carousel view, the Monitor will cycle through all cards on the Overview page.

  1. Go to the Overview Page for the site by selecting the site in the site-selection dropdown menu, or clicking the name of the site on the left of the navigation bar.

  2. Click the “Monitor View” icon near the upper-right corner:

  3. Click Read-only URL.

  4. Click Enable.

  5. Copy the link and open it on the TV you’d like to display it on.

If necessary, you can invalidate and generate a new URL or disable the read-only URL altogether.

Inviting members as Observers

Another thing we’ve seen successful teams do is to invite members as Observers. Observers can view attacks and anomalies for a particular site (for example, to dig in to a spike they saw on the Monitor View), but they can’t make any changes, e.g. allowlisting or blocklisting IPs or expiring flags. To invite members as Observers:

  1. On the Site Members page, click Add Member.
  2. Enter the email address of the member you’d like to add.
  3. Choose Observer.
  4. Click Invite User.

They’ll be sent an invitation which expires in 24 hours.

Setting up integrations

We add new integrations all the time, so if you don’t see something you’re looking for, let us know. In particular, these are some of the integrations we encourage teams to set up:

  1. Integrating with your messaging app.
  2. Integrating with your incident response flow.
  3. Integrating with your other systems.

Integrating with your messaging app

If your team uses a chat client, you can be alerted when any activity occurs (e.g. an IP being flagged, when the agent mode is changed, an IP is allowlisted, etc…). We currently support Slack, and if you use IRC, you can also create your own integration using our generic webhook.

Integrating with your incident response flow

If you have an existing incident response flow, you can be alerted or we can create a ticket when an IP is flagged is malicious. We currently support PagerDuty, VictorOps, and JIRA.

Integrating with other systems

If you have another use case that we don’t currently support, you can also use our generic webhook to be notified when any activity occurs. That said, let us know if there’s another integration you’d like to see!

More Details On Integrations

For detailed instructions on how to configure integrations see the Integrations page.

Setting up Agent Alerts

You can set up alerts to inform you when the product isn’t functioning properly. To set up agent alerting, click on the Manage Alerts button at the top of the Agents page.

Manage Alerts

The alerting system uses our integrations to communicate. You must first have at least one integration configured to set up an agent alert. There are two types of alerts:

  • Average RPS: Will alert whenever the average number of requests per second (RPS) for all agents across all sites reaches a specified threshold. We offer an out-of-the-box alert (disabled by default) for whenever the average number of requests per second (RPS) for all agents falls below 10. If you are a high RPS customer, this alert could let you know of a possible issue.
  • Online Agent Count: Will alert whenever the number of online agents reaches a specified threshold. We offer an out-of-the-box alert (disabled by default) when the agent count falls to zero, which could be indicative of a problem.

You can edit and create multiple alerts. Currently, we offer alerting based on average agent RPS across all sites and online agent count. You can customize these alerts to specify values, boolean operators (such as “less than” or “equal to”), and a length of time after which to send the alert.

Note: You likely do not need both alerts enabled. Most customers find it useful to have one, but not both, enabled. Which alerts are useful to you will be specific to your setup.