Skip to main content
Skip table of contents

Examples of Alert Rules


1. To add an alert notification rule for any user opening the facebook.com website on the computers being investigated, select the URL parameter and, in the value field, enter facebook.com.

   

NOTE: The URL Monitoring option must be enabled for the Client.

2. To add an alert notification rule for any user opening any other website except Facebook on the computers being investigated, select the Not like comparison operator:

   

3. To add alert notification rules for a specific user (e.g. Stefan) opening Facebook on the computers being investigated, define the following parameters:

   

    If you enter more than one user, the alert notification will be sent if any of them (Stefan or Rick) opens Facebook:

   

    If you use the Not like comparison operator with more than one user entered, the alert notification will be sent if any user except Stefan or Rick opens Facebook:

   

4. To add an alert notification rule for any user opening the skype.exe application on the computers being investigated, define the following parameters:

   

    If you use the Not equals comparison operator, the alert notification will be sent if any application except Skype is opened:

   

5. To add alert notification rules for a specific user (e.g. Stefan) opening facebook.com in the Chrome browser, define the following parameters:

   

6. To add alert notification rules for USB-based storage devices being plugged in to the computers being investigated, define the following parameters:

   

7. To add alert notification rules for any user entering any sudo or su command on the computers being investigated, define the following parameters:

   

8. To add an alert notification rule for any user belonging to a specific domain group accessing the Client computers being investigated, define the following parameters:

   

NOTE: For the "User Belonging to Domain Group" alert rule parameter type, the comparison operator is the name the Active Directory domain name (instead of the usual comparison operators: "Equals", "Like", "Not equals", or "Not like").

9. To add alert notification rules for any user opening Facebook on any computer belonging to a specific domain group, define the following parameters:

    

NOTE: For the "Computer Belonging to Domain Group" alert rule parameter type, such alerts need to be assigned to the All Clients group to work correctly.

10. To add alert notification rules for any user belonging to a specific domain group opening the skype.exe application on any Client computer belonging to a specific domain group, define the following parameters:

   

NOTE: For the "User Belonging to Domain Group" alert rule parameter type, the comparison operator is the name the Active Directory domain name (instead of the usual comparison operators: "Equals", "Like", "Not equals", or "Not like").

NOTE: For the "Computer Belonging to Domain Group" alert rule parameter type, such alerts need to be assigned to the All Clients group to work correctly.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.