Alerts are notifications that inform investigators of specific user activity (potentially harmful or forbidden actions) on target computers where Clients are installed. They allow investigators to respond to such activity quickly, without needing to perform searches.
The notifications can be received by email or in the Tray Notifications application. Monitored activity associated with alert events is also marked as alerts in the Session Viewer.
The system of alerts can be used for two purposes:
• Immediate response: This allows investigators to get information about a forbidden action immediately, and therefore respond to it quickly. An alert can also be set to automatically block a user or kill a process.
• Delayed response: This allows investigators to get information on a batch of forbidden actions on multiple Clients, analyze them, and then respond.
Table of Contents
- Viewing Alerts
- Default Alerts
- Alerts Management
- Adding Alerts
- Alert Rules
- Enabling/Disabling Alerts
- Editing Alerts
- Assigning Alerts to Clients
- Exporting and Importing Alerts
- Deleting Alerts
- Defining Global Alert Settings
- Getting Information on Alert Events