Tips for Setting Up Your Smart Alerts

Smart Alerts are most effective when configured around the technologies you rely on and the threat signals most relevant to your organisation.

Below are some recommended approaches to help you get started.

Start with Your Key Vendors

A good first step is to create alerts based on the vendors your organisation depends on most.

By monitoring vulnerabilities associated with your core technologies and platforms, you can ensure that new risks affecting your environment are surfaced quickly.

This approach helps reduce noise by focusing alerts on vulnerabilities that are most likely to impact your organisation.

Focus on Exploitation Signals

Not every vulnerability carries the same level of risk. Many security teams prioritise vulnerabilities that show signs of active exploitation or exploit development.

Useful intel tags to monitor include:

  • PPE (Potential Public Exploitation) – signals that exploitation may already be happening
  • CISA KEV – vulnerabilities confirmed to be exploited in the wild
  • POC – public proof-of-concept exploit code available

These tags help you identify vulnerabilities that may require immediate attention.

Monitor Threat Actor Activity

Another useful strategy is to track vulnerabilities associated with known threat actors.

For example, alerts based on the KTA (Known Threat Actor) tag can help identify vulnerabilities that attackers are discussing or potentially weaponising.

This allows teams to prioritise vulnerabilities based on real attacker behaviour, not just severity scores.

Track Emerging Risks

Some vulnerabilities begin attracting attention before exploitation begins.

Monitoring signals such as:

  • Cytidel Spotlight (SPOT)
  • Proof-of-Concept (POC)

can help identify vulnerabilities that are likely to become important soon.

Use Risk and Exploit Scores

You can also refine alerts using vulnerability scoring metrics such as:

  • Risk rating
  • CVSS
  • EPSS

This allows you to focus alerts on vulnerabilities with higher potential impact or exploitation likelihood.
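The sketch below is an added example, not Cytidel's rule engine or API. It shows how the criteria above (key vendors, intel tags, score thresholds) narrow a feed when combined. The record fields, rule names, vendor names and sample entries are all constructed assumptions; only the tag names come from this page.

```python
from dataclasses import dataclass, field

# Tag names are taken from this page; storing them as plain strings is an assumption.
EXPLOITATION = {"PPE", "CISA KEV", "POC"}
THREAT_ACTOR = {"KTA"}
EMERGING = {"SPOT", "POC"}

@dataclass
class Vuln:  # hypothetical record shape
    vuln_id: str
    vendor: str
    tags: set
    cvss: float
    epss: float

@dataclass
class Rule:  # hypothetical rule shape
    name: str
    vendors: set = field(default_factory=set)   # empty set = any vendor
    any_tags: set = field(default_factory=set)  # empty set = no tag requirement
    min_cvss: float = 0.0
    min_epss: float = 0.0

    def matches(self, v):
        if self.vendors and v.vendor.lower() not in self.vendors:
            return False
        if self.any_tags and not (self.any_tags & v.tags):
            return False
        return v.cvss >= self.min_cvss and v.epss >= self.min_epss

def evaluate(rules, feed):
    """Return {rule name: [ids of matching records]}."""
    return {r.name: [v.vuln_id for v in feed if r.matches(v)] for r in rules}

# Constructed sample feed with placeholder identifiers and vendors.
FEED = [
    Vuln("EXAMPLE-0001", "ExampleVPN", {"CISA KEV", "KTA"}, 9.8, 0.92),
    Vuln("EXAMPLE-0002", "ExampleVPN", set(), 5.3, 0.01),
    Vuln("EXAMPLE-0003", "OtherCMS", {"POC"}, 7.5, 0.40),
    Vuln("EXAMPLE-0004", "ExampleDB", {"SPOT"}, 8.1, 0.05),
]
KEY_VENDORS = {"examplevpn", "exampledb"}
RULES = [
    Rule("key-vendor-all", KEY_VENDORS),
    Rule("key-vendor-exploited", KEY_VENDORS, EXPLOITATION),
    Rule("key-vendor-emerging", KEY_VENDORS, EMERGING),
    Rule("any-vendor-threat-actor", any_tags=THREAT_ACTOR),
    Rule("high-score-only", min_cvss=7.0, min_epss=0.30),
]

if __name__ == "__main__":
    for name, ids in evaluate(RULES, FEED).items():
        print(f"{name}: {ids}")
```

Comparing "key-vendor-all" with "key-vendor-exploited" shows the noise reduction: the low-score, untagged record for a key vendor drops out once an exploitation tag is required.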

Enable Email Notifications Carefully

Email notifications are optional and disabled by default. Once you have configured alert rules that match your monitoring priorities, you can enable email notifications to receive alerts when new vulnerabilities match your rules.