Alerts


Alerts are notifications that inform investigators of specific activities (potentially harmful/forbidden actions) on target computers with Clients installed on them, and allow the investigators to respond to such activity quickly without needing to perform searches.

The notifications can be received by email or in the Tray Notifications application. Monitored activity associated with alert events is also marked as alerts in the Session Viewer.


The alert system can be used for two purposes:

• Immediate response: This allows investigators to get information immediately about a forbidden action, and respond to it quickly (i.e. almost immediately). You can also set an alert to automatically block a user or kill a process.

• Delayed response: This allows investigators to get information on a batch of forbidden actions on multiple Clients, analyze them, and then respond.


Table of Contents