Trout

Detection and Alerts

Detect suspicious activity on your network and get a curated set of alerts out of the box.

Last updated 2026-04-22

Access Gate watches the traffic it sees and raises an alert when something looks off — a rule triggered on an enclave flow, an unexpected service on a zone, a device that suddenly goes silent. You do not have to write detection content from scratch: the product ships with a curated library of rules tuned for industrial and hybrid networks.

What Detection Covers

Access Gate combines three sources of signal:

Source | What it catches | Where the signal comes from
Flow rules (Snort) | Known-bad payloads and protocol abuse inside enclave traffic | Live inspection of flows on overlay interfaces
Alert library | Common operational misconfigurations and security hygiene issues | Ships with the product, enabled by default
Network zones | Activity that crosses a trust boundary it should not | Zones you define in Settings

Each signal lands in the same Alerts view, with enough context (asset, user, enclave, flow) to triage without pivoting between tools.

Built-in Alert Library

The product ships with an opinionated list of default alerts. They cover situations you want to know about on day one:

  • A new asset appeared on a monitored zone.
  • A device that used to talk stopped talking (missing-asset detection).
  • A service started listening on a port it never listened on before.
  • A flow crossed a zone boundary that should have been isolated.
  • A TLS session fell back to a weak cipher.

You can silence or tune any library alert from the Alerts page.

Configure Rules

How to enable specific Rules in your Access Gate
  1. Navigate to Rules.
  2. Toggle [Rule] on or off.

Rule hits appear in the enclave's activity timeline and in the global Alerts view.

How to forward alerts to a SIEM
  1. Navigate to Rules.
  2. Click Configure Forward in the top right.
  3. Enter the specific IP:port combination that will receive an rsyslog flow of alerts.

Network Zones

Zones are how you tell Access Gate which parts of the network should or should not talk to each other. Once a zone is defined, any flow crossing a boundary is scored and logged, and rules can fire on the crossing itself — not just on the payload.

See Network zones for detection for how to define zones and attach policy to them.
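
To illustrate what it means for a rule to fire on the crossing itself rather than on the payload, here is an added example (not Access Gate's code or configuration format): it maps flow endpoints to zones by longest-prefix match and flags zone pairs outside an allow-list. The zone names, CIDRs, allow-list, flow fields and verdict labels are all assumptions made for the illustration.

```python
import ipaddress

# Constructed zones (hypothetical names and CIDRs, not product configuration).
ZONES = {
    "corporate": ["192.168.0.0/16"],
    "plant-floor": ["10.10.0.0/16"],
    "safety-plc": ["10.10.50.0/24"],  # nested inside plant-floor
}
# Assumed policy: (source zone, destination zone) pairs allowed to cross.
ALLOWED = {("corporate", "plant-floor"), ("plant-floor", "safety-plc")}

def zone_of(ip, zones=ZONES):
    """Return the most specific zone containing ip, or 'unzoned'."""
    addr = ipaddress.ip_address(ip)
    best, best_len = "unzoned", -1
    for name, cidrs in zones.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr.version == net.version and addr in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best

def classify(flow, allowed=ALLOWED):
    """Label a flow by the zone boundary it crosses, ignoring its payload."""
    src, dst = zone_of(flow["src"]), zone_of(flow["dst"])
    if "unzoned" in (src, dst):
        verdict = "unknown-zone"      # endpoint outside every defined zone
    elif src == dst:
        verdict = "intra-zone"
    elif (src, dst) in allowed:
        verdict = "allowed-crossing"
    else:
        verdict = "violation"         # boundary that should have been isolated
    return {**flow, "src_zone": src, "dst_zone": dst, "verdict": verdict}

def alerts(flows):
    """Return only the flows worth raising: violations and unknown zones."""
    return [f for f in map(classify, flows) if f["verdict"] in ("violation", "unknown-zone")]

# Constructed flow records; the two port-502 flows differ only in destination zone.
FLOWS = [
    {"src": "192.168.1.20", "dst": "10.10.3.7", "dport": 502},
    {"src": "192.168.1.20", "dst": "10.10.50.4", "dport": 502},
    {"src": "10.10.3.7", "dst": "10.10.3.9", "dport": 44818},
    {"src": "10.10.50.4", "dst": "203.0.113.9", "dport": 443},
]

if __name__ == "__main__":
    for hit in alerts(FLOWS):
        print(hit["verdict"], hit["src_zone"], "->", hit["dst_zone"], hit["dst"], hit["dport"])
```

The first two sample flows carry the same protocol from the same source; only the second is flagged, because its destination resolves to the nested, more specific zone that the assumed policy does not let the corporate zone reach.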