Alert Rule Response
The Response section allows users to define a response for an alert.
For example, when a new permission is added to a sensitive resource, all the Data Owners of that resource can receive an email, notifying them that a new permission was added.
To set an alert rule response:
- Open the Alert Rules page, at Compliance > Alert Rules.
- Double-click the alert rule to edit and scroll to the Response section.
A Response may be one of the following:
- Email to specific email addresses, and/or to the Data Owners who own the resource.
  Note: Currently, the Data Owners option is available for Single Activity Alerts, but not for Threshold Alerts.
- Syslog
- User Exit
- A Response object is created or edited in the File Access Manager administrative client.
- Click Advanced Settings to select additional response options.
Note: Use the administrative client to define and customize response options.
Note: File Access Manager Alert Response is the automatic default, since it retains the alert in the database. A user cannot opt out of the File Access Manager Alert Response.
Configuring a Response
Complete the following steps:
- Within the Administrative Client, navigate to System > Configuration > Activity Monitoring > Responses > Manage Response Configurations.
- Select Syslog in the Showing Response Configuration of Type drop-down.
- Click New.
- Enter the syslog configuration.
- Click Save.
- Navigate to System > Configuration > Activity Monitoring > Response > Manage Responses.
- Create a new Syslog response type. Use the selections on the right side to add variable information to the syslog message.
- Click Save.
The response is now available to use in Advanced Settings > Other Responses of Alert Rules in the Web interface under Compliance.