Define rules that generate User Alerts

You can use different kinds of checks that generate User Alerts.

To see all the available User Alert Checks, select Configuration, then browse to Administration > Other Elements > User Alert Checks.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Menu > System Tools > Configure User Alerts.
  2. Click Add, then select Tools > New > User Alert Check.
  3. Configure the settings, then click OK.
  4. To disable a User Alert Check, deselect the checkbox to the left of the User Alert Check.
    If you do not want to use a system User Alert Check, you must disable the check.
  5. Click OK.

Domain Properties dialog box — User Alerts tab

Use this dialog box to define the User Alert Checks that generate User Alerts.

Option | Definition
Enabled column | When the checkbox is selected, the User Alert Check is enabled. You cannot delete system User Alert Checks, so if you do not want to use the User Alert Check, you must disable it.
Name | The name of the User Alert Check.
Threshold | Shows a summary of the defined threshold.
User Alert | Shows which User Alert is generated when the threshold is exceeded.
Comment | (Optional) A comment for your own reference.
Add | Adds a User Alert Check.
Edit | Opens the properties of the selected User Alert Check.
Remove | Removes the selected User Alert Check.

User Alert Check dialog box

Use this dialog box to define the thresholds for User Alert Checks.

Option | Definition
Name | The name of the User Alert Check. If you do not define a name, a name is generated based on the User Alert Check type and the filters used.
Type | Select the type of User Alert Check.
  • Bandwidth Check — Checks based on the amount of bandwidth consumed by the user. For example, using non-business-related applications to consume large amounts of bandwidth.
  • Web Content Check — Checks based on websites that the user visits. Uses URL Category and Network Application elements, for example.
  • Access Check — Checks based on accessing a particular network. For example, users connecting to resources in a particular region.
  • File Transfer Check — Checks based on file types that are handled by the user.
  • Attack Situations Check — Checks that are triggered if an attack Situation is associated with a user.
  • Endpoint Check — Checks based on information from ECA. For example, the applications that a user is using.
Filter | Click Add > Select to select the elements to filter by. For example, to get an alert when a user transfers a document, select the Document tag. You can add multiple rows to the filter. Click Remove to remove a row. To save the filter as a local filter, click Save.
Threshold | The threshold options depend on the type of User Alert Check.
  • Single Event — The User Alert is generated the first time that the threshold is exceeded.
  • Event Count — The User Alert is generated after the specified number of times that the threshold is exceeded within the specified time period.
  • Bandwidth Count — The User Alert is generated when the specified volume of data is used within the specified time period.
User Alert | Select which User Alert is generated when the threshold is exceeded.
Severity | Set the severity for the User Alert.
Category | (Optional) Includes the element in predefined categories. Click Select to select a category.
Comment | (Optional) A comment for your own reference.
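
The three Threshold options described above, modelled in Python as an added illustration (this is not code from the product or its documentation). Per-user counting, the sliding time window, and restarting the count after an alert are assumptions about behaviour the page does not spell out; the class, function and sample events are constructed for this example.

```python
from collections import defaultdict, deque

SINGLE_EVENT, EVENT_COUNT, BANDWIDTH_COUNT = "single", "event_count", "bandwidth_count"

class UserAlertThreshold:
    """Conceptual model of the three threshold types (hypothetical, not product code)."""

    def __init__(self, mode, limit=1, period=0):
        self.mode = mode        # one of the three constants above
        self.limit = limit      # number of events, or bytes for BANDWIDTH_COUNT
        self.period = period    # time period in seconds; unused for SINGLE_EVENT
        self.seen = defaultdict(deque)   # user -> (timestamp, weight) pairs
        self.fired = set()               # users already alerted (SINGLE_EVENT)

    def feed(self, ts, user, nbytes=0):
        """Record one filter-matching event (in time order); True if an alert fires."""
        if self.mode == SINGLE_EVENT:
            if user in self.fired:
                return False
            self.fired.add(user)
            return True
        weight = nbytes if self.mode == BANDWIDTH_COUNT else 1
        window = self.seen[user]
        window.append((ts, weight))
        # Assumption: sliding window, so entries older than the period are dropped.
        while window and ts - window[0][0] > self.period:
            window.popleft()
        if sum(w for _, w in window) >= self.limit:
            window.clear()      # assumption: counting starts afresh after an alert
            return True
        return False

def run(check, events):
    """Return the (timestamp, user) pairs at which the check generates an alert."""
    return [(ts, user) for ts, user, nbytes in events if check.feed(ts, user, nbytes)]

# Constructed sample: (seconds, user, bytes) for events that matched the filter.
EVENTS = [
    (0, "alice", 400), (30, "alice", 700), (50, "bob", 100),
    (55, "alice", 50), (400, "alice", 400), (410, "bob", 100),
]

if __name__ == "__main__":
    print(run(UserAlertThreshold(SINGLE_EVENT), EVENTS))
    print(run(UserAlertThreshold(EVENT_COUNT, limit=3, period=60), EVENTS))
    print(run(UserAlertThreshold(BANDWIDTH_COUNT, limit=1000, period=60), EVENTS))
```

With the same events, Event Count alerts on a user's third match inside the period while Bandwidth Count alerts as soon as the volume is reached, which is why the two are tuned separately.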