Help Center

File Audit Endpoint Security File Analysis Risk Analysis Release Notes

Setting up File Audit

Dashboard

Reports

Alerts

Incidents

Advanced configurations

Setting up Endpoint Security

Reports

Advanced configurations

Setting up File Analysis

Dashboard

Reports

Incidents

Configuration

Setting up Data Risk Assessment

Dashboard

Reports

Advanced configuration

Quick Start File Audit Endpoint Security Risk Analysis File Analysis About DataSecurity Plus Release notes Contact us

2018

2017

2016

2015

Account Logon » Default Port Configuration

Creating new alert profiles

Follow the steps below to configure new alert profiles:

  • Click the File Audit tab. Go to Configuration > Settings > Alert Configuration.
  • Choose the server for which the alerts are to be configured.
  • Click + Add Alerts in the top-right corner
  • Name the alert profile and include an appropriate description.
  • Choose the severity level of the alert.
  • Navigate to the Threshold Limit section and enable it. Specify the desired threshold value (e.g., "100 file modifications in one minute").
  • Tip:You should only use threshold limits to monitor and alert on changes, anomalous events, and sudden spikes that occur due to malware, privilege escalation, and more.

    Note:Keeping a low threshold count could result in numerous false positives.

  • In the Script file path field, select the destination of the script that needs to be run and its corresponding arguments, if any.
  • Tip:The default script shuts down the machine in the event of a policy violation, i.e. "\bin\alertScripts\triggershutdown.bat %server_name%".

    Note:You can also execute your own scripts to perform actions tailored to your organization's needs, such as disconnecting the user session or isolating the machine from the network.

  • Move to the Email Notifications section, check the box, and specify one or more email addresses you'd like to send alerts to.
  • In the Criteria section, add filters as desired.

    Example:To alert on all instances of video files in your environment, choose:

    • Users: All
    • Actions: All
    • Monitor Object: All
    • Monitor Type: Files and folders
    • File Types: Video files
  • Use the Exclude option to exempt trusted users, groups, or files from that particular alert.
  • Note:Configuration based on exclusion has higher priority than inclusion.

  • Click Save.
  • Tip:You can exclude admin groups and other trusted entities from reports, alerts, and incidents by following these steps.

×

Thanks for your interest in DataSecurity Plus' Private Beta!

Please let us know your mail ID so we can send the beta download link.

Thanks! Kindly check your mailbox for the link.
  • Please enter a valid Business Email
    Please enter your Business Email
  • By clicking 'Send me the link', you agree to processing of personal data according to the Privacy Policy.