For the reports in the Audit node of the Discover and Audit node, there is now an option to be able to configure and set alerts for events that come into the Audit Timeline and related reports.
The Alarm settings are found in the filtering options at the top of these reports.
- To configure an alarm, you first need to set up the filters for the alarm to be tracked on. The filters can be set to anything within the context of the available filters. For example to alert on failed logons, use the Logon Failure Activity to filter on. You can also chain multiple filters together.
2. Once the filters are configured, select the Alert Icon to review and enable this as an Alert.
3. Add a list of recipients to receive these alerts. You can also now choose to receive these alerts by SMS.
4. Give this Alert a name. Make it unique as possible as you may set up many of these alerts over time.
5. Once you are happy with the configuration, click on the Save button and the alert will be in effect.
- From this point on, any time an event is raised an alert will be sent to the email addresses configured in the Alert.
- Be careful not to set up the alert to be all too inclusive, as you will get too many alerts.
- Once an alert is configured it can be viewed in the Saved Reports and Alerts node.