Creating new alert profiles
Follow the steps below to configure new alert profiles:
- Click the File Audit tab. Go to Configuration > Settings > Alert Configuration.
- Choose the server for which the alerts are to be configured.
- Click + Add Alerts in the top-right corner.
- Name the alert profile and include an appropriate description.
- Choose the severity level of the alert.
- Navigate to the Threshold Limit section and enable it. Specify the desired threshold value (e.g., "100 file modifications in one minute").
- In the Script file path field, select the destination of the script that needs to be run and its corresponding arguments, if any.
- Move to the Email Notifications section, check the box, and specify one or more email addresses you'd like to send alerts to.
- In the Criteria section, add filters as desired.
  Example: To alert on all instances of video files in your environment, choose:
  - Users: All
  - Actions: All
  - Monitor Object: All
  - Monitor Type: Files and folders
  - File Types: Video files
- Use the Exclude option to exempt trusted users, groups, or files from that particular alert.
- Click Save.
Tip: You should only use threshold limits to monitor and alert on changes, anomalous events, and sudden spikes that occur due to malware, privilege escalation, and more.
Note: Keeping a low threshold count could result in numerous false positives.
Tip: The default script shuts down the machine in the event of a policy violation, i.e. "
Note: You can also execute your own scripts to perform actions tailored to your organization's needs, such as disconnecting the user session or isolating the machine from the network.
Note: Configuration based on exclusion has higher priority than inclusion.
Tip: You can exclude admin groups and other trusted entities from reports, alerts, and incidents by following these steps.
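
An added example (not part of the DataSecurity Plus documentation or product code): a Python model of a per-user threshold such as "100 file modifications in one minute", useful for replaying audit events to see how many alerts a given limit would raise and how excluding a trusted account changes the result. The event tuple layout, the account names, the sample data and the restart-after-alert behaviour are assumptions; the product's own counting logic may differ.

```python
from collections import deque
from datetime import datetime, timedelta

def threshold_alerts(events, limit, window, action="modify", exclude_users=()):
    """Return (user, timestamp) each time a user reaches `limit`
    matching events inside a sliding `window` (a timedelta)."""
    recent = {}                       # user -> timestamps still inside the window
    alerts = []
    for ts, user, act, _path in sorted(events):
        if user in exclude_users:     # exclusion is checked first, so it outranks inclusion
            continue
        if act != action:             # only the monitored action counts
            continue
        q = recent.setdefault(user, deque())
        q.append(ts)
        while ts - q[0] >= window:    # drop events that have aged out of the window
            q.popleft()
        if len(q) >= limit:
            alerts.append((user, ts))
            q.clear()                 # assumption: counting restarts after an alert
    return alerts

def sample_events():
    """Constructed audit events for illustration, not product output."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    rows = []
    for i in range(150):  # trusted backup account: 150 modifications in 30 s
        rows.append((t0 + timedelta(milliseconds=200 * i), "svc_backup",
                     "modify", f"D:\\share\\a{i}.docx"))
    for i in range(120):  # sudden burst: 120 modifications in 30 s
        rows.append((t0 + timedelta(milliseconds=250 * i), "alice",
                     "modify", f"D:\\share\\b{i}.docx"))
    for i in range(120):  # routine work: one modification every 10 s
        rows.append((t0 + timedelta(seconds=10 * i), "bob",
                     "modify", f"D:\\share\\c{i}.docx"))
    return rows

def count_by_user(alerts):
    """Summarise alerts as {user: number_of_alerts}."""
    counts = {}
    for user, _ts in alerts:
        counts[user] = counts.get(user, 0) + 1
    return counts

if __name__ == "__main__":
    events, minute = sample_events(), timedelta(minutes=1)
    for limit, excluded in [(100, ()), (100, ("svc_backup",)), (5, ("svc_backup",))]:
        hits = count_by_user(threshold_alerts(events, limit, minute, exclude_users=excluded))
        print(f"limit={limit} exclude={excluded}: {hits}")
```

With the constructed data, a limit of 100 per minute flags only the burst once the backup account is excluded, while a limit of 5 also fires repeatedly on routine activity.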