Alerts
Logystera fires alerts when a rule condition is met. Alerts are delivered via email and/or webhooks, and are logged in the alert activity feed.
Alert rules
Rules are pre-built for each entity type. You do not write rule logic — you enable or disable individual rules per entity.
To manage rules for an entity:
- Go to Entities → select your entity
- Click Rules
- Toggle rules on or off
Rules marked as recommended (highlighted) cover the most impactful scenarios — authentication anomalies, privilege escalation, infrastructure failures. Disabling them reduces your coverage.
Rule descriptions
Each rule shows:
- Name — a human-readable description of what it detects
- Severity — Critical, High, Medium, or Low
- Enabled/Disabled — whether it is active for this entity
Snoozing alerts
Snooze temporarily silences a rule for a specific entity without disabling it. When the snooze period expires, alerts resume automatically.
Snooze from the dashboard
- Go to Entities → select your entity → Rules
- Find the rule you want to snooze
- Click Snooze and choose a duration: 1 hour, 4 hours, 8 hours, or 24 hours
- The rule shows a "Snoozed" badge with the expiry time
To cancel a snooze early, click the Unsnooze button on the rule.
Snooze from Slack or Teams
When an alert is delivered via Slack or Teams, the message includes Snooze links with preset durations (1h, 4h, 24h). Clicking a snooze link:
- Opens a confirmation page in your browser
- Applies the snooze immediately — no login required
- Shows the rule name, entity, and when alerts will resume
Snooze links are valid for 24 hours after the alert fires.
Snooze vs. Disable
| | Snooze | Disable |
|---|---|---|
| Duration | Temporary (1h–24h) | Permanent until re-enabled |
| Auto-resume | Yes | No |
| Use case | Planned maintenance, known noisy period | Rule not relevant for this entity |
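The snooze and disable semantics above (fixed durations, automatic resume, permanent disable, and the 24-hour validity window on Slack/Teams snooze links) can be captured in a small state model. The following is an added illustration written for this page, not Logystera's own code; the `RuleState` class, the `coverage_gaps` helper and the function names are assumptions, while the durations and the link validity window come from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Durations offered in the dashboard snooze menu (hours), per the page.
DASHBOARD_SNOOZE_HOURS = (1, 4, 8, 24)
# Durations offered on Slack/Teams snooze links (hours), per the page.
LINK_SNOOZE_HOURS = (1, 4, 24)
# A snooze link stays usable for this long after the alert fires.
SNOOZE_LINK_VALIDITY = timedelta(hours=24)


@dataclass
class RuleState:
    """Per-entity state of one alert rule (hypothetical model for this example)."""
    name: str
    severity: str
    enabled: bool = True
    snoozed_until: Optional[datetime] = None

    def is_active(self, now: datetime) -> bool:
        """A rule can fire only if it is enabled and not currently snoozed.
        A snooze expires on its own; a disable persists until re-enabled."""
        if not self.enabled:
            return False
        if self.snoozed_until is not None and now < self.snoozed_until:
            return False
        return True

    def snooze(self, hours: int, now: datetime, allowed=DASHBOARD_SNOOZE_HOURS) -> datetime:
        """Silence the rule for one of the offered durations; returns the expiry."""
        if hours not in allowed:
            raise ValueError(f"unsupported snooze duration: {hours}h")
        self.snoozed_until = now + timedelta(hours=hours)
        return self.snoozed_until

    def unsnooze(self) -> None:
        """Cancel a snooze early (the dashboard's Unsnooze button)."""
        self.snoozed_until = None

    def disable(self) -> None:
        self.enabled = False

    def enable(self) -> None:
        self.enabled = True

    def badge(self, now: datetime) -> str:
        """Label a UI would show: Disabled, Snoozed (with expiry), or Enabled."""
        if not self.enabled:
            return "Disabled"
        if self.snoozed_until is not None and now < self.snoozed_until:
            return f"Snoozed until {self.snoozed_until.isoformat()}"
        return "Enabled"


def snooze_link_usable(alert_fired_at: datetime, now: datetime) -> bool:
    """A Slack/Teams snooze link is valid for 24 hours after the alert fired."""
    return alert_fired_at <= now <= alert_fired_at + SNOOZE_LINK_VALIDITY


def apply_link_snooze(rule: RuleState, hours: int, alert_fired_at: datetime, now: datetime) -> datetime:
    """Snooze via a link: enforce the link's validity window and its smaller duration menu."""
    if not snooze_link_usable(alert_fired_at, now):
        raise ValueError("snooze link has expired")
    return rule.snooze(hours, now, allowed=LINK_SNOOZE_HOURS)


def coverage_gaps(rules, now: datetime):
    """List every rule that would not fire right now, with the reason.
    Useful for auditing how much detection coverage is currently silenced."""
    return [(r.name, r.badge(now)) for r in rules if not r.is_active(now)]


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    auth = RuleState("Repeated authentication failures", "High")
    auth.snooze(4, now)
    disk = RuleState("Disk usage above threshold", "Medium")
    disk.disable()
    for name, why in coverage_gaps([auth, disk], now + timedelta(hours=1)):
        print(f"{name}: {why}")
```

Note that a snooze and a disable are tracked independently: re-enabling a rule does not clear an unexpired snooze, and a snooze never un-disables a rule, which matches the table's distinction between the two.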
Alert activity
Alert activity shows all alerts that have fired, across all entities.
For each alert:
- Rule — which rule triggered
- Entity — which entity it fired on
- Time — when it fired
- Severity — Critical / High / Medium / Low
- Status — whether it was delivered successfully
Use this view to review what has fired recently and confirm alerts are being delivered.
Alert delivery
Alerts are delivered via:
- Email — to users configured for email notifications
- Webhooks — to endpoints configured at the entity or account level, in JSON, Slack, or Microsoft Teams format
Configure delivery in Settings → Notifications (account-wide) or in the entity's Notifications tab (entity-specific overrides).
Delivery status
The alert activity feed shows delivery status per alert. If a webhook endpoint is unreachable, the delivery shows as failed. You can inspect the payload in Settings → Webhooks → Deliveries.
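The activity feed is the place to confirm that alerts are actually reaching their destinations. The following added example, written for this page and not part of Logystera, reads a constructed export of the feed and flags failed deliveries; the JSON-lines layout and the `channel` field are assumptions, while the `rule`, `entity`, `time`, `severity` and `status` fields mirror the columns described above.

```python
import json
from collections import Counter

# Constructed sample export of the alert activity feed (not real product output).
SAMPLE_FEED = """\
{"rule": "Repeated authentication failures", "entity": "api-gateway", "time": "2024-05-01T09:12:00Z", "severity": "High", "status": "delivered", "channel": "webhook:slack"}
{"rule": "Privilege escalation", "entity": "api-gateway", "time": "2024-05-01T09:40:00Z", "severity": "Critical", "status": "failed", "channel": "webhook:json"}
{"rule": "Disk usage above threshold", "entity": "db-primary", "time": "2024-05-01T10:05:00Z", "severity": "Medium", "status": "delivered", "channel": "email"}
{"rule": "Privilege escalation", "entity": "db-primary", "time": "2024-05-01T10:30:00Z", "severity": "Critical", "status": "failed", "channel": "webhook:json"}
{"rule": "Service restart loop", "entity": "worker-3", "time": "2024-05-01T11:00:00Z", "severity": "Low", "status": "delivered", "channel": "webhook:teams"}
"""

SEVERITIES = ("Critical", "High", "Medium", "Low")
REQUIRED = ("rule", "entity", "time", "severity", "status")


def parse_feed(text: str):
    """Parse one JSON object per line, rejecting records that lack the feed's columns."""
    alerts = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        rec = json.loads(line)
        missing = [k for k in REQUIRED if k not in rec]
        if missing:
            raise ValueError(f"line {lineno}: missing fields {missing}")
        if rec["severity"] not in SEVERITIES:
            raise ValueError(f"line {lineno}: unknown severity {rec['severity']!r}")
        alerts.append(rec)
    return alerts


def delivery_report(alerts):
    """Per-channel failure rate plus the list of High/Critical alerts that never arrived.

    A failed webhook delivery means nobody saw that alert, so a high-severity
    failure is treated as something that needs attention, not just a statistic."""
    total = Counter()
    failed = Counter()
    undelivered_high = []
    for a in alerts:
        channel = a.get("channel", "unknown")
        total[channel] += 1
        if a["status"] != "delivered":
            failed[channel] += 1
            if a["severity"] in ("Critical", "High"):
                undelivered_high.append(a)
    return {
        "failure_rate": {ch: failed[ch] / total[ch] for ch in total},
        "undelivered_high_severity": undelivered_high,
        "needs_attention": bool(undelivered_high),
    }


if __name__ == "__main__":
    report = delivery_report(parse_feed(SAMPLE_FEED))
    for channel, rate in sorted(report["failure_rate"].items()):
        print(f"{channel:15s} failure rate {rate:.0%}")
    for a in report["undelivered_high_severity"]:
        print(f"UNDELIVERED {a['severity']}: {a['rule']} on {a['entity']} at {a['time']}")
```

When a channel shows a non-zero failure rate, the payloads behind the failed deliveries can be inspected under Settings → Webhooks → Deliveries to tell an unreachable endpoint apart from a payload the receiver rejected.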
Alert guides
For investigation guidance on each alert type, see the Alert Guides.