Alerts are notifications that inform investigators of specific activities (potentially harmful or forbidden actions) on target computers that have Clients installed. They allow investigators to respond to such activity quickly, without needing to perform searches.
The alert system can be used for two purposes:
• Immediate response: This allows investigators to get information about a forbidden action immediately and respond to it almost immediately. You can also set an alert to automatically block a user or kill a process.
• Delayed response: This allows investigators to get information on a batch of forbidden actions on multiple Clients, analyze them, and then respond.
Table of Contents
- Viewing Alerts
- Default Alerts
- Alerts Management
- Adding Alerts
- Alert Rules
- Enabling/Disabling Alerts
- Editing Alerts
- Assigning Alerts to Clients
- Exporting and Importing Alerts
- Deleting Alerts
- Defining Global Alert Settings
- Getting Information on Alert Events