Creating Alert Rules

To create an alert rule:

  1. Navigate to Compliance > Alert Rules.

  2. Click New Rule at the top right of the screen to open the New Alert Rule screen.

  3. Select the Rule Type in the Trigger section.

    1. For a Single Activity trigger, a single activity matching the Rule Criteria creates an alert.
      For example, an email notification is sent for each Add Permission action on a Sensitive resource.

    2. For a Threshold trigger, multiple activities that match the Rule Criteria and occur within a specific time window create an alert.
      Threshold alerts let users alert on suspicious behavior, not just on a single action.
      For example, one user performing 500 activities on a specific resource might be more suspicious than the same user performing a single activity on that resource.

  4. Fill in all mandatory fields before saving the rule.

  5. See the sections below for more information on Scope, Filters, and Responses for alerts.
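
The difference between the two trigger types in step 3, shown as an added Python example (not the product's own code): it evaluates a Single Activity rule and a Threshold rule over constructed activity events. The event tuple layout, the per-user grouping, and the reset of the window after an alert are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0, 0)

def make_events():
    """Constructed sample events: (timestamp, user, action, resource_is_sensitive)."""
    events = [(T0, "alice", "Add Permission", True)]
    # bob reads a sensitive resource 6 times, 10 seconds apart
    events += [(T0 + timedelta(seconds=10 * i), "bob", "Read", True) for i in range(6)]
    # carol reads 3 times, one hour apart
    events += [(T0 + timedelta(hours=i), "carol", "Read", True) for i in range(3)]
    return sorted(events, key=lambda e: e[0])

def single_activity_alerts(events, criteria):
    """Single Activity trigger: every event matching the criteria is an alert."""
    return [e for e in events if criteria(e)]

def threshold_alerts(events, criteria, count, window):
    """Threshold trigger: alert when one user reaches `count` matching
    events within `window`. Per-user grouping is an assumption."""
    recent = defaultdict(deque)   # user -> timestamps of recent matching events
    alerts = []
    for event in events:
        if not criteria(event):
            continue
        ts, user = event[0], event[1]
        q = recent[user]
        q.append(ts)
        # Drop timestamps that have fallen out of the time window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= count:
            alerts.append((user, q[0], ts, len(q)))
            q.clear()             # assumption: start counting again after an alert
    return alerts

if __name__ == "__main__":
    evts = make_events()
    add_perm = lambda e: e[2] == "Add Permission" and e[3]
    reads = lambda e: e[2] == "Read" and e[3]
    print(single_activity_alerts(evts, add_perm))
    print(threshold_alerts(evts, reads, count=5, window=timedelta(minutes=1)))
```

With these constructed events, the Threshold rule fires once for bob (five reads inside one minute) and never for carol, whose three reads are spread over hours.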