Alert Rules

Alert Rules define activity-based criteria for generating system alerts, including notifications and customized responses, such as email, SysLog, or UserExit.

To define alert rules, navigate to Compliance > Alert Rules.

To view and investigate alerts, navigate to Forensics > Activities.

Examples of alert rules include:

  • A file under \\FileStorageApplication\HR is deleted by a user who is not a member of the HR department.

  • A specific user reads more than 1000 files in one minute (considered a suspicious activity, regardless of whether the user or malware initiated the activity).
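The two example rules above, expressed as detection logic over activity records. This is an added illustration, not the product's rule engine or configuration: the record layout, rule names, `hr_members` set and sample events are constructed assumptions, and paths are compared case-insensitively on the assumption of a Windows share.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

HR_ROOT = "\\\\FileStorageApplication\\HR\\"  # trailing separator: \HR2 must not match

def evaluate(events, hr_members, read_limit=1000, window=timedelta(minutes=1)):
    """Apply both example rules to time-ordered (timestamp, user, action, path)
    records (assumed layout). Returns a list of (rule, user, timestamp) alerts."""
    alerts = []
    reads = defaultdict(deque)  # per-user timestamps of reads inside the window
    for ts, user, action, path in events:
        if action == "delete":
            # Rule 1: delete under the HR folder by a user outside the HR group.
            in_hr = path.lower().startswith(HR_ROOT.lower())
            if in_hr and user not in hr_members:
                alerts.append(("hr-delete-by-non-member", user, ts))
        elif action == "read":
            # Rule 2: more than read_limit reads by one user within the window.
            recent = reads[user]
            recent.append(ts)
            while ts - recent[0] >= window:
                recent.popleft()  # drop reads that fell out of the window
            if len(recent) > read_limit:
                alerts.append(("read-burst", user, ts))
                recent.clear()  # re-arm so one burst raises one alert
    return alerts

def sample_events():
    """Constructed activity records (not real product output)."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    events = [
        (t0, "alice", "delete", r"\\FileStorageApplication\HR\reviews.xlsx"),
        (t0, "bob", "delete", r"\\filestorageapplication\hr\pay\q1.csv"),
        (t0, "bob", "delete", r"\\FileStorageApplication\HR2\notes.txt"),
    ]
    for i in range(1001):
        path = rf"\\FileStorageApplication\Eng\file{i}.txt"
        # carol: 1001 reads in 50 s (over the limit); dave: one read per second.
        events.append((t0 + timedelta(milliseconds=50 * i), "carol", "read", path))
        events.append((t0 + timedelta(seconds=i), "dave", "read", path))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    for rule, user, ts in evaluate(sample_events(), hr_members={"alice"}):
        print(ts.isoformat(), rule, user)
```

The sliding window counts reads in any 60-second span rather than per calendar minute, so a burst that straddles a minute boundary is still caught.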

To view existing alert rules:

  1. Navigate to Compliance > Alert Rules.

Note: All alerts, including alerts in the Resources section, display in this screen.

  2. Click Include Resource-based Rules to view alerts from Resources.

  3. You can filter the screen by:

  • Rule Name

  • Status: you can activate or deactivate an alert rule directly from the main screen, without opening the rule.