
    How to create an alert profile

    EventLog Analyzer provides predefined alert profiles and the ability to define customized criteria for specific requirements.

    Creating Alert Profiles

    To create an alert profile, click on +Add in the top right corner of the navigation bar. You can also add an alert profile by clicking on the "Add Profile" button in the Manage Profile page.


    Here's what you can do to create an alert profile:

    1. Enter a unique name for the alert profile.
    2. Assign a criticality to the alerts generated using this profile. Choose from Critical, Trouble and Attention.
    3. Click on the + icon to select the device(s) and/or device group(s) which should generate this alert.
    4. Click on the + icon to define the alert criteria.
    5. Alert criteria can be chosen from the following categories:
      • Predefined Alerts - choose from a vast collection of predefined alert criteria. This saves time and you can set up an alert profile with minimum effort.
      • Compliance Alerts - contains a list of pre-defined alert criteria to help you comply with IT regulations.
      • Custom Alerts - customize your own alert conditions based on log message, type, and more. This option is useful for setting alerts on imported logs.
    6. You can customize your alert message by adding information such as User Account Name and more.
    7. Clicking on +Add near the Alert Format Message section will open another pop-up. There you can set the variables by clicking on the drop-down and enter the required message format in the space provided.
    8. Click the Save Profile button once you have set all the necessary fields.

    Predefined Alerts

    Select Predefined Alert under Define Criteria:

    • Select the log type and then choose the desired category.
    • Among the reports, select the desired report by clicking on the radio button next to it.
    • Append new criteria to predefined alert by clicking + Add Criteria.
    • You can use the Advanced settings to tweak the alert trigger conditions in order to reduce alert noise. Here you can set the threshold (number of occurrences of an event within a specific time frame) and time range (working hours) for the alert profile.

    You can then specify the notification type for the alert profile.

    Compliance Alerts

    Compliance alerts contain sets of pre-defined, compliance-related alerting criteria to notify you of any violation of IT regulations. EventLog Analyzer provides granular audit reports to help you comply with regulations such as PCI DSS, SOX, HIPAA, GLBA, PDPA, NIST, CCPA, GDPR, ISO 27001:2013, and more. The compliance alerts detect anomalies such as policy changes, privilege escalations, sensitive file access and modification events, and unauthorized logons to help you mitigate internal and external threats.

    You can then specify the notification type for the alert profile created.

    Custom Alerts

    • You can define any number of criteria and group them with AND/OR operations.
    • To define alert criteria, choose the desired attributes from the predefined list.
    • Specify the values for the attributes: select a comparator for each attribute and then provide the value to compare against.
    • With drag and drop, you can group and ungroup the alert criteria.
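    As an added example (not the product's own code and not part of this page), the following Python models the criteria described above: attribute/comparator/value conditions grouped with AND/OR, plus the threshold and working-hours settings from the Predefined Alerts section, run over constructed sample events. The comparator names, field names and event data are assumptions made for the illustration.

```python
from datetime import datetime, timedelta
import operator
# Comparators a criterion can use (assumed set; the product's own list may differ).
COMPARATORS = {
    "equals": operator.eq,
    "contains": lambda field, value: value in field,
    "greater than": operator.gt,
}

def criterion(attr, comp, value):
    """One criterion: <attribute> <comparator> <value>, checked against a parsed log."""
    return lambda log: attr in log and COMPARATORS[comp](log[attr], value)

def group(op, *conds):
    """Group criteria with AND/OR; groups nest, which is what drag-and-drop grouping builds."""
    combine = all if op == "AND" else any
    return lambda log: combine(c(log) for c in conds)

def evaluate(logs, cond, threshold=1, window=timedelta(minutes=10), working_hours=(0, 24)):
    """Return timestamps at which the profile fires: `threshold` matches within `window`
    (Advanced-settings threshold), counting only events inside `working_hours` (time range)."""
    recent, fired = [], []
    for log in sorted(logs, key=lambda l: l["time"]):
        if not cond(log) or not (working_hours[0] <= log["time"].hour < working_hours[1]):
            continue
        recent = [t for t in recent if log["time"] - t <= window] + [log["time"]]
        if len(recent) >= threshold:
            fired.append(log["time"])
            recent = []  # each burst raises one alert, which is the noise-reduction goal
    return fired

def demo():
    """Constructed sample events (not real logs): a burst of failed logons, then noise."""
    base = datetime(2024, 1, 15, 9, 0)
    ev = lambda m, **f: {"time": base + timedelta(minutes=m), **f}
    logs = [
        ev(0, event="logon_failure", source="ws-01", severity=3),
        ev(1, event="logon_failure", source="ws-01", severity=3),
        ev(2, event="logon_failure", source="ws-01", severity=3),
        ev(30, event="logon_failure", source="srv-db", severity=3),  # wrong source, no match
        ev(31, event="policy_change", source="srv-db", severity=9),  # matches, count stays 1
        ev(660, event="logon_failure", source="ws-01", severity=3),  # 20:00, outside hours
    ]
    # (event equals logon_failure AND source contains "ws-") OR severity greater than 8
    cond = group("OR",
                 group("AND", criterion("event", "equals", "logon_failure"), criterion("source", "contains", "ws-")),
                 criterion("severity", "greater than", 8))
    return evaluate(logs, cond, threshold=3, window=timedelta(minutes=5), working_hours=(9, 18))

if __name__ == "__main__": print(demo())
```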

    Generating Alerts for Imported Logs

    With EventLog Analyzer's Advanced Custom Alert option, you can generate alerts for custom extracted fields for Oracle, Microsoft SQL, print servers, IIS, and other imported application logs.

    To generate an alert for a specific custom extracted field of an imported log, choose the log type and select the imported log for which alerts should be triggered. EventLog Analyzer automatically populates all the custom extracted fields for the selected log type; choose the field you need from the list and then specify the value whose occurrence should trigger the alert.

    Note: To add multiple custom extracted fields, use the + option.

    You can then specify the notification type for the alert profile created.

    Default Alert Profiles

    EventLog Analyzer has prebuilt alert profiles that are enabled by default. To make it easier for users, newly added devices will also get added automatically to the corresponding alert profile(s) based on the device types selected in the alert profile. For example, firewalls will be automatically added to alert profiles based on network devices.

    You can edit, enable, disable, and delete the default alert profiles.

    Note: When you edit a default custom alert profile, auto-addition will be stopped. For example, if you manually add devices to an alert profile, devices will not be automatically added to that alert profile from then on.