Help CenterFile Audit Endpoint Security File Analysis Risk Analysis Release Notes
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting datasecurity plus
- Launching datasecurity plus
- Configuring your solutions
Setting up File Audit
- Predefined audit reports
- Creating new audit reports
- Creating new alert profiles
- Creating new incident profiles
- Configuring exclusion-based settings
- Configuring retention and archive settings
Setting up Endpoint Security
Setting up File Analysis
Setting up Data Risk AssessmentDashboard
About DataSecurity Plus
How-ToQuick Start File Audit Endpoint Security Risk Analysis File Analysis About DataSecurity Plus Release notes Contact us
Creating new incident profiles
Follow the steps below to configure new incident profiles:
- Click the File Audit tab. Go to Configuration > Settings > Incident Configuration.
- Click Create Incident in the top-right corner.
- Name the incident profile and include an appropriate description.
- Choose the source and severity level of the incident.
- In the Criteria section, add filters as desired.
- Users: All
- Actions: All
- Monitor Object: All
- Monitor Type: Files and folders
- File Types: Video files
- Use the Exclude option to exempt trusted users, groups, or files from that particular incident.
- Enable a threshold and specify the desired threshold value (e.g., "100 file modifications in one minute").
- Choose the appropriate response strategy from the options available (e.g., "delete file").
- Click Save.
Example:To raise an incident for all instances of video files in your environment, choose:
Note:Configuration based on exclusion has higher priority than inclusion.
Tip:You can globally exclude admin groups and other trusted entities from reports, alerts, and incidents by following these steps.
Note:When rules of different policies overlap, the most restrictive rules will apply.