Creating Alert Rules
To create an alert rule:
- Navigate to Compliance > Alert Rules.
- Click New Rule at the top right of the screen to open the New Alert Rule screen.
- Select the Rule Type in the Trigger section.
  - For a “Single Activity” trigger, a single activity matching the Rule Criteria creates an alert. For example, an Email notification will be sent for each Add Permission action on a Sensitive resource.
  - For a Threshold trigger, multiple activities matching the Rule Criteria and occurring within a specific time window create an alert. Users can configure threshold alerts based on suspicious behavior, not just on a single action. For example, one user performing 500 activities on a specific resource might be more suspicious than the same user performing a single activity on that resource.
- All mandatory fields must be filled in before saving the rule.
- See sections below for more information on Scope, Filters, and Responses for alerts.
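The difference between the two trigger types, shown as an added example that is not the product's own code. It assumes a sliding time window, counting per (user, resource) pair, and constructed sample events with hypothetical field names; the threshold is scaled down from 500 to 5 to keep the sample small.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def single_activity_alerts(events, criteria):
    """Single Activity trigger: every matching event raises its own alert."""
    return [e for e in events if criteria(e)]

def threshold_alerts(events, criteria, threshold, window):
    """Threshold trigger: alert when `threshold` matching events from one
    (user, resource) pair fall inside a sliding `window` (assumed semantics)."""
    recent = defaultdict(deque)      # (user, resource) -> timestamps in window
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if not criteria(e):
            continue
        key = (e["user"], e["resource"])
        q = recent[key]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:   # expire events older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"user": key[0], "resource": key[1],
                           "count": len(q), "at": e["ts"]})
            q.clear()                # re-arm so one burst yields one alert
    return alerts

def sample_events():
    """Constructed sample data: one permission change plus two read patterns."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    base = {"resource": "/finance/payroll", "sensitive": True}
    events = [dict(base, ts=t0, user="alice", action="Add Permission")]
    # bob reads the folder 5 times, 10 seconds apart (a burst)
    events += [dict(base, ts=t0 + timedelta(seconds=10 * i), user="bob",
                    action="Read") for i in range(5)]
    # carol reads it 3 times, one hour apart (spread out)
    events += [dict(base, ts=t0 + timedelta(hours=i), user="carol",
                    action="Read") for i in range(3)]
    return events

def is_sensitive_add_permission(e):
    return e["action"] == "Add Permission" and e["sensitive"]

def is_read(e):
    return e["action"] == "Read"

if __name__ == "__main__":
    ev = sample_events()
    print(single_activity_alerts(ev, is_sensitive_add_permission))
    print(threshold_alerts(ev, is_read, threshold=5, window=timedelta(minutes=1)))
```

With a one-minute window only the burst of reads crosses the threshold; the same number of reads spread over hours would not, which is why the window size matters as much as the count.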