Send Alert Notification via Telegram

This section will guide you on how to set up AngkasaIO WAF alert notifications to Telegram, allowing you to receive real-time security alerts directly on your Telegram chat or group for quick threat monitoring and response.

Telegram Group Preparations

1. Open Telegram on your device.
2. Create a new group or use an existing one where you want to receive WAF alerts.
3. Add @AngkasaIOBot to your group by inviting it.

4. Retrieve Your Telegram Chat ID:
   • In the group chat, mention @AngkasaIOBot and send the command:

     @AngkasaIOBot /setup

   • The AngkasaIOBot will respond with your Telegram Chat ID.

5. Save the Telegram Chat ID, as you will need it in the next step to configure AngkasaIO WAF notifications.

Alert Notification Configuration

1. Browse to your AngkasaIO Space (your dedicated environment).

2. Navigate to WAF and select WAF instance that you want to configure.

   

3. Locate and navigate to the Notification Setting section under Event Notification. This section allows you to configure real-time alert notification for your application's WAF.

   

4. In the Notification Setting section:

   • Enable feature 1
   • Send Notificaton to: Select Telegram for notification channel to use 2.
   • Telegram Chat ID: Enter the Telegram Chat ID you obtained in the previous step into the WAF notification settings. This will link your Telegram group to the WAF system, allowing you to receive real-time security alerts 3.
     

5. Click the Send a Sample Message button to verify and test your configuration.
   

6. If everything is correct, AngkasaIO will send you a sample message to your Telegram Group.

7. Click the Save button to apply your changes.
   

8. Your WAF is now configured to send Alert Notification to your Telegram Group.

Sample Telegram Alert Notification Message

The following is an example of a Telegram message sent by the AngkasaIO WAF.

• Title: Contains alert's severity level and affected application domain.
  There are eight level of Alert Severity Level:

  Severity	Description
  ⛔️ [Emergency]	The highest level of alert, indicating a complete system failure or catastrophic security breach. The WAF or application may be unreachable, and urgent intervention is required.
  🔴 [Alert]	A serious security threat has been detected, requiring immediate response to prevent further damage. The system is still operational but compromised.
  🟣 [Critical]	A high-risk attack has been detected that may cause data loss, unauthorized access, or application downtime if not addressed quickly.
  🟠 [Error]	A security violation or configuration issue is causing functionality problems but does not immediately threaten the entire system.
  🟡 [Warning]	Potentially malicious activity is detected but does not pose an immediate risk. It requires monitoring and possible action if the activity persists.
  🔵 [Notice]	Informational messages about policy violations or changes in security settings, but not necessarily an attack.
  🟢 [Info]	General security-related information about the system's activity, typically used for audit logs and monitoring.
  ⚪️ [Debug]	Detailed logs used for troubleshooting and debugging WAF rules or configurations. This level is not related to security threats.

• Date Time: Time of attack

• Summary: Summary of an attackm, including Attack method, Category, Description, and other details.

• Attacker Details: Detail of threat actore, including IP Address, Geo Location, and Autonomous System Number (ASN)

• AngkasaIO Console link: Direct link to AngkasaIO Console that can you use as shortcut to get more detail of an attack or take any action to response.

---