Creating new alert profiles

Follow the steps below to configure new alert profiles:

• Click the File Audit tab. Go to Configuration > Settings > Alert Configuration.
• Choose the server for which the alerts are to be configured.
• Click + Add Alerts in the top-right corner
• Name the alert profile and include an appropriate description.
• Choose the severity level of the alert.
• Navigate to the Threshold Limit section and enable it. Specify the desired threshold value (e.g., "100 file modifications in one minute").

Tip:You should only use threshold limits to monitor and alert on changes, anomalous events, and sudden spikes that occur due to malware, privilege escalation, and more.

Note:Keeping a low threshold count could result in numerous false positives.

• In the Script file path field, select the destination of the script that needs to be run and its corresponding arguments, if any.

Tip:The default script shuts down the machine in the event of a policy violation, i.e. "\bin\alertScripts\triggershutdown.bat %server_name%".

Note:You can also execute your own scripts to perform actions tailored to your organization's needs, such as disconnecting the user session or isolating the machine from the network.

• Move to the Email Notifications section, check the box, and specify one or more email addresses you'd like to send alerts to.
• In the Criteria section, add filters as desired.

  Example:To alert on all instances of video files in your environment, choose:

  • Users: All
  • Actions: All
  • Monitor Object: All
  • Monitor Type: Files and folders
  • File Types: Video files
• Use the Exclude option to exempt trusted users, groups, or files from that particular alert.

Note:Configuration based on exclusion has higher priority than inclusion.

• Click Save.

Tip:You can exclude admin groups and other trusted entities from reports, alerts, and incidents by following these steps.