
Alert Management

Never Miss a Critical Threat

Multi-channel alerting with intelligent routing, severity escalation, and noise reduction — so your team responds to what matters most.

3 Channels • 5 Severity Levels • 15min Cooldown • <2s Delivery Time

Live Alert Feed

Real-time simulation of alerts as they appear in your SOC console.

Alert Console (Active: 12)

Critical • Gateway • Auto-Isolation Triggered • Just now
Brute-force attack from hostile nation — endpoint isolated
Source 185.220.101.34 • Target WEB-SVR-01 • 4,200 attempts in 3 min

Critical • Endpoint • Malware Detection • 12s ago
Crypto miner process terminated — child tree killed
Process xmrig.exe • Host DEV-PC-07 • PID 8472 + 3 children killed

High • Endpoint • Anomaly Detection • 38s ago
Bulk file exfiltration — 847 files copied to USB in 4 minutes
User j.smith • Host FIN-PC-03 • Drive E:\ • 2.3 GB total

High • Endpoint • Lateral Movement • 1m ago
SMB lateral movement attempt blocked — port scan detected
Source 10.0.5.22 • Scanned 445, 3389, 5985 on 14 hosts in 60s

High • Gateway • Threat Cloud • 2m ago
Connection to known C2 server blocked by Revive Threat Cloud
Domain malware-cdn[.]xyz • IOC confidence 98% • Source HR-PC-11

Medium • Endpoint • Anomaly Detection • 4m ago
Off-hours login detected — user authentication outside business hours
User r.jones • Host EXEC-PC-01 • Time 02:47 AM local

Medium • Gateway • Geo-Fence • 6m ago
Blocked connection from geo-fenced country
IP 91.134.xx.xx • Country North Korea • Port 443

Medium • Endpoint • DNS Control • 8m ago
DNS request blocked — gambling category
Domain bet365.com • Host MKT-PC-05 • Category Gambling

Low • Endpoint • MicroSegmentation • 11m ago
Outbound connection blocked by firewall policy
Rule BLOCK-SOCIAL • Dest facebook.com:443 • Host ENG-PC-09

Low • Endpoint • File Monitoring • 14m ago
Suspicious file extension detected — .encrypted
Path C:\Users\admin\Documents\report.encrypted • Host SRV-DC-02

Info • Endpoint • Heartbeat • 15m ago
Agent heartbeat restored after 15-minute gap
Host QA-PC-04 • Last seen 15m ago • Status Online

Info • System • Policy Sync • 18m ago
Policy v3.14 deployed to Engineering group (12 endpoints)
Policy ENG-STANDARD • Changes: DNS rules, app blocklist updated

Multi-Channel Delivery

Alerts reach your team wherever they work — email, Teams, or Slack — in under 2 seconds.

Email Alerts

Rich HTML emails with severity badges, event details, and one-click action links for quick triage.

[CRITICAL] Brute-force attack detected
Source 185.220.101.34 attempted 4,200 logins against WEB-SVR-01 in 3 minutes. Endpoint has been auto-isolated. Click to investigate...

Microsoft Teams

Adaptive cards posted to your security channel with severity, source IP, target, and quick-action buttons.

ReviveSec Bot
CRITICAL — Crypto miner xmrig.exe terminated on DEV-PC-07. Process tree killed (PID 8472 + 3 children).

Slack Webhooks

Formatted Slack messages with colour-coded severity bars, clickable IPs, and threaded responses.

ReviveSec
Bulk file exfiltration: 847 files (2.3 GB) copied to USB by j.smith on FIN-PC-03 in 4 minutes.

Alert Capabilities

Every feature designed to reduce noise and amplify the signals that matter.

5 Severity Levels

Critical, High, Medium, Low, and Info. Each level has its own routing rules, escalation paths, and notification channels.

15-Minute Cooldown

Intelligent deduplication prevents alert fatigue. Same-type alerts are grouped and suppressed for a configurable cooldown period.

Per-Rule Configuration

Every detection rule has its own alert settings — channel, severity, cooldown, and custom message templates.

Escalation Chains

Unacknowledged alerts escalate automatically — from Slack to email to phone — until someone responds.

Smart Suppression

Whitelist known-good events, suppress during maintenance windows, and filter by host group or source IP.

CEF / Syslog Forwarding

Forward every alert to your SIEM in CEF format. Compatible with Splunk, QRadar, Sentinel, and Wazuh.

Alert Rule Builder

Create custom alert rules with conditions, thresholds, and actions. Every rule is versioned and can be exported across environments.

  • Condition-based rule logic (AND / OR)
  • Threshold & time-window triggers
  • Custom message templates with variables
  • Auto-action: isolate, kill, block
  • Rule versioning & rollback
  • Export / import JSON rule sets
Rule Editor (Active)

Rule Name: "Bulk USB Exfiltration"
Condition: IF file_copy_count > 100 AND target == "USB"
Time Window: 5 minutes
Severity: HIGH
Actions: ALERT → Email, Teams   ACTION → Auto-Isolate
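The threshold-and-time-window logic of the rule above, combined with the 15-minute cooldown described under Alert Capabilities, as an added Python example (not ReviveSec's code). The event tuples are constructed, and treating each event as a batch of copied files (summed per host over a sliding window) is an assumption about how the counter works:

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the page): one file-copy event per
# line as (timestamp, host, user, target_device, files_copied).
SAMPLE_EVENTS = [
    (datetime(2024, 1, 1, 9, 0, 0), "FIN-PC-03", "j.smith", "USB", 40),
    (datetime(2024, 1, 1, 9, 1, 30), "FIN-PC-03", "j.smith", "USB", 45),
    (datetime(2024, 1, 1, 9, 2, 10), "FIN-PC-03", "j.smith", "NETWORK", 500),  # target != USB, ignored
    (datetime(2024, 1, 1, 9, 3, 0), "FIN-PC-03", "j.smith", "USB", 30),    # window total 115 -> fires
    (datetime(2024, 1, 1, 9, 4, 0), "FIN-PC-03", "j.smith", "USB", 60),    # inside cooldown -> suppressed
    (datetime(2024, 1, 1, 9, 20, 0), "FIN-PC-03", "j.smith", "USB", 120),  # cooldown over, window reset -> fires
]


class ThresholdRule:
    """Threshold-over-time-window rule with a per-host cooldown for deduplication."""

    def __init__(self, name, target, threshold, window, cooldown, severity):
        self.name, self.target, self.threshold = name, target, threshold
        self.window, self.cooldown, self.severity = window, cooldown, severity
        self._windows = {}     # host -> deque of (timestamp, files_copied)
        self._last_fired = {}  # host -> timestamp of the last emitted alert

    def evaluate(self, event):
        """Return an alert dict if the rule fires for this event, else None."""
        ts, host, user, target, files = event
        if target != self.target:                      # the AND target == "USB" clause
            return None
        win = self._windows.setdefault(host, deque())
        win.append((ts, files))
        while win and ts - win[0][0] > self.window:    # drop events older than the window
            win.popleft()
        file_copy_count = sum(n for _, n in win)
        if file_copy_count <= self.threshold:          # file_copy_count > 100 not met
            return None
        last = self._last_fired.get(host)
        if last is not None and ts - last < self.cooldown:
            return None                                # same-type alert within cooldown: suppressed
        self._last_fired[host] = ts
        return {"rule": self.name, "severity": self.severity, "host": host,
                "user": user, "file_copy_count": file_copy_count, "time": ts}


def run_rule(events):
    """Replay events through the page's example rule and collect the alerts that fire."""
    rule = ThresholdRule("Bulk USB Exfiltration", target="USB", threshold=100,
                         window=timedelta(minutes=5), cooldown=timedelta(minutes=15),
                         severity="HIGH")
    return [alert for ev in events if (alert := rule.evaluate(ev)) is not None]


if __name__ == "__main__":
    for a in run_rule(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['rule']}: {a['file_copy_count']} files by {a['user']} on {a['host']} at {a['time']:%H:%M}")
```

The six sample events produce two alerts: the burst at 09:03 and the fresh burst at 09:20, while the 09:04 continuation is absorbed by the cooldown.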

Alert Escalation Flow

Unacknowledged threats automatically escalate until someone takes ownership.

Detection

Rule fires, event classified by severity

Notify

Alert sent via configured channels in <2s

Escalate

No response in 5 min? Escalate to next tier

Respond

Analyst acknowledges and begins investigation

Resolve

Threat contained, alert closed with notes

Never miss a critical alert again

See ReviveSec alerting in action with a personalized demo for your team.
