We have developed a feature that minimizes delay in generating email notifications. The emails are generated within seconds of the event occurrence to catch extremely time-sensitive incidents such as crypto-locker infections. To enable this new feature, simply define a shell variable near the top of the startup script mss.sh such as:
Also make sure the sensor can send emails by executing the command:
netstat -tapn | grep 127.0.0.1:25
A line similar to the one below should appear:
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
If you do not see it, please enable your email daemon on the sensor by executing:
chkconfig postfix on
Then restart the sensor with the command:
The sensor will now send real-time email alerts matching any of the email notification policies you have defined. Note that:
- This will not replace the email reports you are receiving already, but it will provide advance notifications of the alerts contained in those same reports.
- The email alerts will originate from the sensor, which does not have an MX record; therefore your spam filters will most likely block them. Please whitelist the sensor IP address to bypass the spam filter.
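The netstat check described above can be made stricter. The following is an added example, not MetaFlows code: the function name and the sample lines are constructed for illustration. It reads `netstat -tan` style output and reports where the SMTP listener is bound, going beyond the page's grep by ignoring look-alike lines (port 2525, or 127.0.0.1:25 appearing only as a foreign address) and by telling a loopback-only listener apart from one bound to all interfaces, which also accepts connections from the network.

```shell
# Added example: classify the SMTP listener from `netstat -tan` output on stdin.
# Prints one of: loopback, all-interfaces, other, none
smtp_listener_state() {
    awk '
        # Field 4 is the local address, field 6 the socket state.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            if ($4 == "127.0.0.1:25" || $4 == "::1:25") loop = 1
            else if ($4 == "0.0.0.0:25" || $4 == ":::25") all = 1
            else if ($4 ~ /:25$/) other = 1
        }
        END {
            if (all) print "all-interfaces"
            else if (loop) print "loopback"
            else if (other) print "other"
            else print "none"
        }
    '
}

# Constructed sample lines (not captured from a real sensor).
# The expected line from the page, with the PID column that -p adds:
SAMPLE_LOOPBACK='tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1234/master'

# Two lines that "grep 127.0.0.1:25" matches although nothing listens on port 25:
SAMPLE_LOOKALIKE='tcp 0 0 127.0.0.1:2525 0.0.0.0:* LISTEN 999/other
tcp 0 1 127.0.0.1:40112 127.0.0.1:25 SYN_SENT 4321/sendmail'

# A mail daemon bound to every interface rather than loopback only:
SAMPLE_ALL='tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1234/master'

# Usage on a sensor:
#   netstat -tan | smtp_listener_state
```

A result of "none" means the mail daemon still needs to be enabled as described above.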
As always, thank you for your feedback,
The MetaFlows Team.