Liberty91

Set up automatic alerting.

Last updated 14 Jun 2026 (2 min read)

Alerts make sure you, your customers, and the systems that need intelligence are notified the moment something relevant comes in. You define a rule from criteria such as specific threats, regions, sectors, or assets, decide how strictly events must match, and choose where matching events are delivered. From then on, any new event that matches is routed automatically in the right format for each destination.

How to create an alert

  1. Go to Alerts in the sidebar and click Create New Alert.
  2. Give the alert a name, for example "Infostealer threats to the financial sector".
  3. Select your criteria (see the table below).
  4. Choose the match logic: ALL or ANY.
  5. Choose the destinations the alert should be sent to.
  6. Activate the alert (it is enabled by default) and create it.

Figure: The Liberty91 alert rule configuration form, with fields for threat actors, malware, vulnerabilities, target and source regions and countries, sectors, asset technologies, match logic, and notification destinations.

Alert criteria

You can combine any of these criteria in a single rule.

| Criterion | What it matches |
| --- | --- |
| Threat Actors | One or more actors from your Threat Library |
| Malware | One or more malware families from your library |
| Vulnerabilities | One or more vulnerabilities from your library |
| Target Regions | Regions you want to watch for targeting |
| Target Countries | Countries you want to watch for targeting |
| Target US states | Specific US states you want to watch |
| Source Countries | Where the threat originates, for example Russia, China, Iran, or North Korea |
| Target Sectors | Sectors you want to watch |
| Asset Technologies | Technologies in your organizations' asset lists |
| Suppliers | Suppliers in your list |

Match logic

Decide whether the rule should match ALL of the selected criteria together, or ANY of them. ALL is the right choice when an event must satisfy every criterion, for example a particular sector and a particular malware at the same time. ANY is the right choice when you want to be alerted if any single criterion is met.
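
The difference between ALL and ANY, worked through on a few events. This is an added example, not Liberty91's code: the field names, the sample events, and the assumption that a criterion is met when an event carries at least one of its selected values are all illustrative.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    # Hypothetical model of an alert rule; not Liberty91's API or schema.
    name: str
    criteria: dict       # criterion name -> set of selected values
    logic: str = "ALL"   # "ALL" or "ANY"


def criterion_hit(selected, event_values):
    """Assumption: a criterion is met when the event carries at least
    one of the values selected for it."""
    return bool(set(selected) & set(event_values))


def matches(rule, event):
    # Only criteria that actually have selections take part in the decision.
    hits = [criterion_hit(sel, event.get(key, ()))
            for key, sel in rule.criteria.items() if sel]
    if not hits:
        return False     # in this sketch, an empty rule alerts on nothing
    if rule.logic == "ALL":
        return all(hits)
    if rule.logic == "ANY":
        return any(hits)
    raise ValueError(f"unknown match logic: {rule.logic!r}")


def matching_ids(rule, events):
    return [e["id"] for e in events if matches(rule, e)]


# Constructed sample events; malware names are placeholders.
EVENTS = [
    {"id": 1, "malware": ["ExampleStealer"], "target_sectors": ["Financial"]},
    {"id": 2, "malware": ["ExampleStealer"], "target_sectors": ["Healthcare"]},
    {"id": 3, "malware": [], "target_sectors": ["Financial"]},
    {"id": 4, "malware": ["OtherLoader"], "target_sectors": ["Energy"]},
]
CRITERIA = {"malware": {"ExampleStealer"}, "target_sectors": {"Financial"}}

if __name__ == "__main__":
    for logic in ("ALL", "ANY"):
        rule = Rule("Infostealer threats to the financial sector", CRITERIA, logic)
        print(logic, matching_ids(rule, EVENTS))
```

With the same two criteria, ALL alerts only on the event that has both the malware and the sector, while ANY also alerts on events that have just one of them, so ANY rules produce a broader and noisier stream.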

Destinations

Choose where matching events should go: your own email address, any of the webhooks or MISP integrations you have set up, any of your Stakeholders, or entire Organizations. You can also route alerts to a Slack channel once that module is configured. Each destination receives the alert in the format relevant to it.
