Help Center

Quick Start

File Auditing

File Analysis

Data Risk Assessment

Endpoint DLP

Cloud Protection

Administrative settings

General settings

Release notes

Troubleshooting

Guides

Third-party software Contact us

Configuring alerts in File Analysis

To configure alerts in the File Analysis module:

  • Select File Analysis from the application drop-down menu at the top.
  • Go to Configuration.
  • On the left-hand menu, go to Settings → Alert Configuration.
  • Click the + Create Alert button at the top-right corner.
  • Provide a suitable name for the alert.
  • Under Alert Source, choose File Metadata for file security events or choose Disk Usage for file storage events.
  • Describe the new alert with required information.
  • From the drop-down, classify the alert based on Severity.
  • Under Criteria, provide details on when to trigger alerts with the Include configuration.
  • To narrow down the reports and reduce false positives, you can choose to add details in the Exclude configuration tab.
  • In the Response tab, you can enable email notifications, write custom scripts, or choose to move or delete files.

    Note: The move response supports only the following UNC formats:

    \\MachineName\HiddenDriveShare\

    \\MachineName\Share\Folder\

    Example 1: To move a file to folder Myfolder within drive C in server S01, configure the destination path as \\S01\C$\Myfolder

    Example 2: To move a file to folder Myfolder within Myshare in server S01, configure the destination path as \\S01\Myshare\Myfolder

    Tip: Scripts are by far the most underrated response strategy. You can run scripts to shut down servers, stop user sessions, disable accounts, and much more. Do you want to request a custom response? Contact our support team.

  • Once you have chosen one or multiple responses, click Save.

How to write and use custom scripts in DataSecurity Plus

To respond to a triggered alert, you can choose from the predefined scripts available or write your own. To configure a scripted response, follow these steps:

Step 1 - Add the script file path

Enter the path of the script file you want to execute in the designated text box. Check the examples below for reference.

Example 1: "[installation_directory]\bin\alertScripts\Shutdown.exe"

Example 2: For .ps1 script files, prefix the script file path with powershell.exe -file.
powershell.exe -file "[installation_directory]\bin\alertScripts\disableNetwork.ps1"

Example 3: wscript "[installation_directory]\bin\alertScripts\move.vbs"

Note: All alert scripts must be located within the [installation_directory]\bin\alertScripts folder.

Step 2 - Choose arguments from the drop-down

Choose additional event parameters to be passed as command line arguments. If you want to pass multiple arguments, select the arguments in the order in which you want to pass them.

For example, to change permissions given for stale files, configure the alert settings using the below details.

Last Access Time = Before = 2 Year(s)

Script file path: "C:\ProgramFiles\ScriptFiles\ChangePermissions.bat"

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     

  • Request additional resources

    Send us your requirements.

     

© 2023 Zoho Corporation Pvt. Ltd. All rights reserved.