Examples of Alert Rules


1. To set up an alert notification about any user opening the facebook.com website on the computers being investigated, select the URL parameter and, in the Value field, enter facebook.com.

   

NOTE: The URL Monitoring option must be enabled for the Client.

2. To set up an alert notification about any user opening any other website except Facebook on the computers being investigated, select the Not like operator:

   

3. To set up an alert notification about a specific user (e.g. Stefan) opening Facebook on the computers being investigated, define the following parameters:

   

    If you enter more than one user, the alert notification will be sent if any of them (Stefan or Rick) opens Facebook:

   

    If you use the Not like operator with the users entered, the alert notification will be sent if any user except for Stefan or Rick opens Facebook:

   

4. To set up an alert notification about any user opening the skype.exe application on the computers being investigated, define the following parameters:

   

    If you use the Not equals operator, the alert notification will appear if any application except Skype is opened:

   

5. To set up an alert notification about a specific user (e.g. Stefan) opening facebook.com in the Chrome browser, define the following parameters:

   

6. To set up an alert notification about USB-based storage devices being plugged in to the computers being investigated, define the following parameters:

   

7. To set up an alert notification about the entering of any command using sudo or su on the computers being investigated, define the following parameters:

   

8. To set up an alert notification about any user belonging to a specific domain group accessing the Client computers being investigated, define the following parameters:

   

9. To set up an alert notification about opening Facebook on any computer belonging to a specific domain group, define the following parameters:

   

NOTE: Such alerts need to be assigned to the All Clients group to work correctly.

10. To set up an alert notification about any user belonging to a specific domain group opening the skype.exe application on any Client computer belonging to a specific domain group, define the following parameters: