Configuring alerts in the File Analysis module
You can trigger email notifications, execute scripted actions, and move or delete files and folders as responses to alerts on configured drives. However, these alert-triggering events will only be found during scheduled File Analysis scans, not in real time.
Creating alerts
To configure alerts in the File Analysis module, follow these steps:
- Select File Analysis from the modules drop-down.
- Go to Configuration > Settings > Alert Configuration.
- Click the Create Alert button in the top-right corner.
- Provide a suitable name for the alert.
- From the Alert Source drop-down, select File Metadata or Disk Usage.
- Describe the new alert with the required information.
- In the Criteria section, use the following tabs to narrow down the criteria that trigger an alert:
- 7.1. Use the Include tab to provide details on when to trigger an alert.
- 7.2. Use the Exclude tab to exempt trusted entities from the alert.
- 7.3. Use the Response tab to configure certain capabilities:
7.3.1. To send an email notification to a stakeholder:
- Click Email > Enable email notification.
- Provide the email addresses that you wish to send the alert email to. Separate the addresses with commas. Ensure that there are no spaces between the email addresses.
- Assign a Priority level to the email.
- Personalize the email by providing a Subject and Message. By using the Customize option next to each, you can include alert details such as the name of the user, the client, and the IP.
- If necessary, you can limit the number of emails that will be sent to each recipient by configuring an appropriate value in the Send a maximum of section. For instance, you can configure it to Send a maximum of = 1 = mail(s) in = 1 = Hour(s), ensuring that one email is sent each hour if the unusual access pattern persists.
7.3.2. To automate a response action when the alert is triggered:
- Click Script > Enable Script.
- In the Script Files field, select the script of your choice. You can choose from the built-in scripts or create your own.
- In the Arguments field, select the arguments you want to pass in the intended order of execution.
For example, to change permissions on a particular drive for stale files that were last accessed over two years ago, configure the alert criteria similar to the details below:
Include: Last Access Time = Before = 2 = Year(s)
Drive Letter = Equals = D:\
Script Files: ChangePermissions (custom script)
Arguments: Local Path
7.3.3. To enable the move and delete responses for a specific file:
- From the Response tab, click Move/Delete > Enable Move/Delete. Select the Delete option if you want to delete an entity if it triggers an alert. If you want to move the entity to a target location, provide the Destination Path under the Move option.
\\MachineName\HiddenDriveShare\
\\MachineName\Share\Folder\
Example 1: To move a file to the folder Myfolder on drive C on server S01, configure the destination path as \\S01\C$\Myfolder.
Example 2: To move a file to the folder Myfolder in a shared folder Myshare on server S01, configure the destination path as \\S01\Myshare\Myfolder.
- Once you have chosen one or multiple responses, click Save.
Editing alerts
To modify an existing alert:
- Select File Analysis from the modules drop-down.
- Go to Configuration > Settings > Alert Configuration.
- On the Alert Profile page, click the edit icon next to the alert profile that you want to update.
- Update the alert criteria based on your requirements and click Save > OK.
Automated alert responses
Users can instruct the File Analysis module to execute a response action when an alert is triggered during a scan. For this, you must link the desired script file in the Script Files field while configuring alerts. The script files can be PowerShell files, VBScript files, executables, and batch files. These automated, versatile responses help you perform remedial actions the instant a potential issue is detected, reducing the damage caused.
To target these commands at specific entities in your network, configure one or more Arguments to provide the necessary inputs in the commands. The selected parameters will be replaced in the commands by the corresponding values from the alert.
Arguments and their descriptions
The arguments below can be used based on the alert profile configured.
Argument | What it refers to | Example (How it will be displayed in the alert notification) |
Drive Letter | The name of the drive on which the file resides | C:\ |
Server Name | The name of the file server where the files or folders are located | DSPDEMO |
Last Access Time | The most recent time at which the file was accessed | 1672305065 [Unix epoch timestamp] |
Last Modified Time | The most recent time at which the file was modified | 1672305065 [Unix epoch timestamp] |
Creation Time | The exact time at which the user created the file | 1671235784 [Unix epoch timestamp] |
Local Path | The location of the file or folder for which the alert was generated | C:\DSPDEMO\testing\ourfile.txt |
File Name | The name of the file for which the alert was triggered | 35118.ISO |
File Size | The size of the file when the alert event occurred | 163840 [In bytes] |
Is Hidden | The Windows attribute that defines whether the file is hidden or not | false |
File Type | The extension of the file | .doc |
File Type Category | The category to which the file type belongs | Microsoft Word Document |
Monitor Type | Whether the alert was generated for a folder or file | FOLDER/FILE |
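The following is an added example, not a script shipped with DataSecurity Plus or taken from this page: one way the custom ChangePermissions script from the stale-file example could be written so that the Local Path value is validated before any ACL is changed. It assumes the selected Local Path argument arrives as the first positional parameter and that "changing permissions" means leaving only Administrators and SYSTEM with access; the log file name and the allowed root are hypothetical.

```powershell
# ChangePermissions.ps1 (hypothetical custom script, not part of the product)
# Assumption: the alert passes the selected "Local Path" argument as the
# first positional parameter.
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [string]$LocalPath
)

$ErrorActionPreference = 'Stop'
$AllowedRoot = 'D:\'    # same drive as the alert's Drive Letter criterion
$LogFile     = Join-Path $PSScriptRoot 'ChangePermissions.log'   # assumed log location

function Write-Log([string]$Message) {
    $line = '{0} {1}' -f (Get-Date -Format 's'), $Message
    Add-Content -LiteralPath $LogFile -Value $line
}

try {
    # File names are data supplied by whoever created the file: normalise the
    # path (collapses "..") and refuse anything outside the expected drive.
    $full = [System.IO.Path]::GetFullPath($LocalPath)
    if (-not $full.StartsWith($AllowedRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Path is outside $AllowedRoot"
    }
    # -LiteralPath keeps characters such as [ ] from being treated as wildcards.
    if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
        throw 'Path is not an existing file'
    }

    $acl = Get-Acl -LiteralPath $full
    # Stop inheriting from the parent folder and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove every remaining explicit entry.
    foreach ($rule in @($acl.Access)) { $acl.PurgeAccessRules($rule.IdentityReference) }
    # Grant full control to BUILTIN\Administrators and SYSTEM only (well-known SIDs).
    foreach ($sid in 'S-1-5-32-544', 'S-1-5-18') {
        $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')))
    }
    Set-Acl -LiteralPath $full -AclObject $acl
    Write-Log "OK restricted: $full"
}
catch {
    Write-Log "FAILED '$LocalPath': $($_.Exception.Message)"
    exit 1
}
```

The script only succeeds when the account that runs it is allowed to modify ACLs on the target files, and the log gives a record of every file the alert response touched or rejected.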
Example of a notification email for a triggered alert
Default script response
The DataSecurity Plus installation package contains this built-in script for a commonly used response action:
Script file name | Script action | Applicable argument in the UI | Sample use case |
triggerShutdown.bat | Shuts down computers or servers | Server Name | This can be used to shut down the source machine of the alert-triggering file. In case of a ransomware attack or data breach, the Server Name argument can be used to stop the spread of the incident by shutting down the affected server. |
Generating a password for alert scripts
We recommend generating an encrypted password for your script files, which is used for authentication when executing the intended scripts. To set a password, follow these instructions:
- Navigate to [installation_directory]\bin\alertScripts > helper folder.
- Execute the generatePassword.bat script to set up authentication.
- In the Windows PowerShell credentials request window, enter your PowerShell credentials in the User name and Password fields to generate an encrypted password. Ensure that you enter the correct password to authenticate with the server.
- Click OK.
Disabling and deleting alerts
A) Disabling alerts
To disable an existing alert:
- Select File Analysis from the modules drop-down.
- Go to Configuration > Settings > Alert Configuration.
- On the Alert Profile page, within the Actions column, you'll find a green icon indicating the target alert's active status. Click the green icon to disable that alert.
B) Deleting alerts
To delete an existing alert:
- Select File Analysis from the modules drop-down.
- Go to Configuration > Settings > Alert Configuration.
- On the Alert Profile page, select the alert profiles that you want to delete and click the delete icon. The selected alerts will be deleted.
For more information on configuring alerts for DataSecurity Plus, refer to this guide.