Report & Alert Configuration


Report and alert configuration allows you to configure reports and alerts to your liking based on audit requirements of administrators / users. You can configure new profiles or view/modify existing ones with respect to both reports and alerts.



Report Configuration

1. Configuring new Reports

  1. Click on the "Configuration" Tab.

  2. On the left hand side, find and click "Report & Alert Configuration"> "Change and Access Reports".

  3. Choose the server where you want new reports configured > "Add Reports".

  4. Fill in the fields as per your audit requirements.

Note- A report called- "Default Change Audit Configuration" which monitors all actions in all configured files and folders is pre-configured by default.

2. Viewing/Modifying already existing reports

  1. Click on the "Configuration" Tab.

  2. On the left hand side, find and click "Report & Alert Configuration"> "Change and Access Reports".

  3. Choose the server where you want to view/modify existing reports configured> Click on the particular report that you want to view/modify.

  4. Under actions, click on edit configuration and fill in the fields as per your audit requirements.

Note- Make sure the Sync status is successful, if not sync again by clicking on sync profile under actions


Storage reports

  1. Click on the "Configuration" Tab.

  2. On the left hand side, find and click "Report & Alert Configuration"> "Storage Reports"

  3. Fill in the fields as per your audit requirements.


Alert Configuration

1. Configuring new Alerts

  1. Click on the "Configuration" Tab.

  2. On the left hand side, find and click "Report & Alert Configuration"> "Alerts."

  3. Click "alerts" tab > At the top right hand corner find and click "New Alert Profile" (or) Go to the configurations tab > On the left hand side, find and click "Report & Alert Configuration"> "Alerts" > Click "Server Name", choose domain and add server > Click "Add alerts".

  4. Fill in the fields as per your requirements > Click "Save".

2. Viewing/Modifying already existing alerts

  1. Click "alerts" tab > At the top right hand corner find and click "View/Modify Alert Profiles" (or) Go to the configurations tab > On the left hand side, find and click "Report &; Alert Configuration"> "Alerts">

  2. Under actions, click edit configuration for the particular alert> Fill in the fields as per your requirements> Click "Update" if you have made modifications.

3. Advanced configuration

Prioritizing an alert Email -

The Email notifications sent when an alert is generated, can be prioritized using the "E-mail Priority" field. The default is the "Normal Priority", which can be changed to "High Priority" if needed.


Executing a customized response to a triggered alert-

  1. Determine your response to a triggered alert, write a suitable script to generate the response.

  2. The supported scripts are powershell, vbscript, executables and batch.

    To be entered in the "Execute Command" field according to the type of script-

    Executables and Batch Scripts -

    Format: filename [parameter1] [parameter 2] [parameter n]

    Example 1: C:\users\test.bat

    Example 2: C:\users\demo.bat %user_name% %server_name%

    Example 3: C:\users\example.exe

    Powershell Scripts -

    Format: powershell.exe filename [parameter1] [parameter 2] [parameter n]

    Example 1: powershell.exe C:\Users\administrator\test.ps1 %process_name%

    VB Scripts -

    Format: wscript(or)cscript filename [parameter1] [parameter 2] [parameter n]

    Example 1: wscript C:\users\sample.vbs %client_host%

    Example 2: cscript C:\users\demo.vbs


    filename - location (full path) of the script.

    parameter - a parameter acts as input to the script and is customizable.

    Note- The use of parameters is optional

    Note- If the filename contains a space, enclose it within quotes(" ")

  3. List of all parameters which can be used:

  4. How to generate an active response to a potential threat/ransomware?

    There is a sample executable in "{install_location}\bin\alertScripts" which can be used to shudown a system, if a need arises.


Applying Threshold Limit

Use threshold Limit to choose a limit based on number of events occurring within a specific time span due to the same user/ same process/ any source exceeding which an alert can be triggered. Threshold limit helps admin prioritize alerts.