Help Center

Quick Start

File Auditing

File Analysis

Data Risk Assessment

Endpoint DLP

Cloud Protection

Administrative settings

General settings

Release notes

Troubleshooting

Guides

Third-party software Contact us

Configuring alerts in File Analysis

To configure alerts in the File Analysis module:

  • Select File Analysis from the application drop-down menu at the top.
  • Go to Configuration.
  • On the left-hand menu, go to Settings > Alert Configuration.
  • Click the + Create Alert button at the top-right corner.
  • Provide a suitable name for the alert.
  • Under Alert Source, choose File Metadata for file security events or choose Disk Usage for file storage events.
  • Describe the new alert with required information.
  • From the drop-down, classify the alert based on Severity.
  • Under Criteria, provide details on when to trigger alerts with the Include configuration.
  • To narrow down the reports and reduce false positives, you can choose to add details in the Exclude configuration tab.
  • In the Response tab, you can enable email notifications, write custom scripts, or choose to move or delete files.

    Note: The move response supports only the following UNC formats:

    \\MachineName\HiddenDriveShare\

    \\MachineName\Share\Folder\

    Example 1: To move a file to folder Myfolder within drive C in server S01, configure the destination path as \\S01\C$\Myfolder

    Example 2: To move a file to folder Myfolder within Myshare in server S01, configure the destination path as \\S01\Myshare\Myfolder

    Tip: Scripts are by far the most underrated response strategy. You can run scripts to shut down servers, stop user sessions, disable accounts, and much more. Do you want to request a custom response? Contact our support team.

  • Once you have chosen one or multiple responses, click Save.

Instructions on how to write and use custom scripts in DataSecurity Plus

Choose your response to a triggered alert from the predefined scripts available or write your own.

Step 1: Add the script file path

Enter the command line needed to execute the scripts in the Script file path text box. Check the examples below for reference.

Example 1: "C:\users\example.exe"

Example 2: "C:\demo\disableuser.bat"

Example 3: powershell.exe - file "C:\users\administrator\test.ps1"

Example 4: wscript "C:\users\sample.vbs"

Step 2: Choose arguments from the drop-down

Choose additional event parameters to be passed as command line arguments.

Example: To disable a user who is deleting critical files, configure the settings using the details below.

Script file path : "C:\demo\disableuser.bat"

Arguments: Username

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     

  • Request additional resources

    Send us your requirements.

     

© 2023 Zoho Corporation Pvt. Ltd. All rights reserved.