Alerts are notifications that inform investigators of specific activities (potentially harmful/forbidden actions) performed by users on target computers with Clients installed on them, and allow the investigators to respond to such activity quickly, without needing to perform searches.
The system of alerts can be used for two purposes:
• Immediate response: This allows investigators to get information immediately about a forbidden action, and therefore respond to it quickly, and an alert can also be set to automatically block a user or kill a process.
• Delayed response: This allows investigators to get information on a batch of forbidden actions on multiple Clients, analyze them, and then respond.
Table of Contents