How to configure alerts in DataSecurity Plus

1. Check the box to enable a Threshold Limit.
2. Select the minimum number of events after which the alert should be triggered. Specify the interval within which the minimum number of events has to occur.
3. Set the source based on users, processes, or another source.

Specify the events that will trigger the new alert by applying filters in the Criteria section. You can define the criteria using the Include or Exclude options.

In the Include tab:

1. Select the parameter for which you need to set the alert condition from the drop-down. Example: Action
2. Select the operator from the middle drop-down. Depending on the parameter you choose, the operator will be auto-populated. Example: In
3. Provide the value for the parameter based on which the alert will be triggered. Example: Rename

Use the + option to add more inclusion criteria.

Similarly, you can trigger an alert by defining the exclusion criteria in the Exclude tab.

These users, file paths, or other entities configured will be overlooked while monitoring file servers.

When an alert is triggered, you can:

• Enable email notifications: Be notified via email as soon as an alert is triggered. Specify the maximum number of emails sent to your inbox to avoid email fatigue.
• Customize script responses: Create scripts and define argument parameters to initiate responses as soon as an alert is triggered or choose from default scripts located in [installation_directory]\bin\alertScripts.

Emails can be sent to:

1. Any specific email address.
2. Owners: The creator of the file.
3. Callers: The user whose actions have triggered the alert.

The priority flagged in the email can be set to:

1. Normal.
2. High.

The subject of the email can be set to:

1. Any customized text.
2. Alert information variables provided in the drop-down. (Click Add to view the drop-down.)

The message can include:

1. Any customized text.
2. Alert information variables. (Click Add to view the alert information variables.)

You can restrict the number of alert emails by defining the maximum number of emails for the desired time interval.

Define the Alert Name, Alert Description, and Severity.

There are two sources from which alerts can be generated:

1. File Metadata: For alerts focused on file security, and other file properties.
2. Disk Usage: For alerts focused on file storage and drive size growth.

Specify the events that will trigger the new alert by applying filters in the Criteria section. You can define the criteria using the Include or Exclude options.

In the Include tab:

1. Select the parameter for which you need to set the alert condition from the drop-down. Example: Drive Letter
2. Select the operator from the middle drop-down. Depending on the parameter you choose, the operator will be auto-populated. Example: Does not equal
3. Provide the value for the parameter based on which the alert will be triggered. Example: C:\

Use the + option to add more inclusion criteria.

Similarly, you can trigger an alert by defining the exclusion criteria in the Exclude tab.

These file names, file paths, or other entities configured will be overlooked while monitoring file servers.

In the Response tab, configure the follow-up actions that will be initiated immediately after an alert is triggered. Check the boxes to enable the options before configuring them. You can:

In the Include tab:

1. Enable email notifications: Be notified via email as soon as an alert is triggered. Specify the maximum number of emails sent to your inbox to avoid email fatigue.
2. Customize script responses: Create scripts and define argument parameters to initiate responses as soon as an alert is triggered.
3. Move or delete folders or files: Move files or folders to a specific location or delete them at your discretion.

Use the + option to add more inclusion criteria.

Similarly, you can trigger an alert by defining the exclusion criteria in the Exclude tab.

These file names, file paths, or other entities configured will be overlooked while monitoring file servers.

Define the Alert Name, Alert Source, Description, and Severity.

1. In the Include tab, set the desired criteria with the drop-downs.

Example: Policy, Equals, and GDPR in the respective drop-down filters.

2. To receive an alert when two or more criteria are met, set the AND function.
3. To receive an alert when at least one of two or more criteria is met, set the OR function.

In the Response tab, configure the follow-up actions that will be initiated immediately after an alert is triggered. Check the boxes to enable the options before configuring them. You can:

1. Enable email notifications: Be notified via email as soon as an alert is triggered. Specify the maximum number of emails sent to your inbox to avoid email fatigue.
2. Customize script response: Create scripts and define argument parameters to initiate responses as soon as an alert is triggered.

Click the Alert Profile tabs to view the available alerts.

The Alert Name, Alert Source, Description, and Severity are predefined.

Alert Profiles in Endpoint DLP vary based on the source of the alerts. Refer to the individual profile details mentioned below. To modify the alerts, click the edit icon next to the individual alert.

Specify the events that will trigger the new alert by applying filters in the Criteria section. You can define the criteria using the Include or Exclude options.

In the Include tab:

1. Select the parameter for which you need to set the alert condition from the drop-down.
2. Select the operator from the middle drop-down. Depending on the parameter you choose, the operator will be auto-populated.
3. Provide the value for the parameter based on which the alert will be triggered.

Use the + option to add more inclusion criteria.

Similarly, you can trigger an alert by defining the exclusion criteria in the Exclude tab.

These users, file paths, or other entities configured will be overlooked while monitoring file servers. Follow the steps below to customize various alert sources and responses available in the Endpoint DLP module.

These alerts can be used to track sensitive file changes, user activity, or indicators of ransomware attacks.

Define alert responses as required in the Response section. You can choose to dispatch email notifications and/or execute scripts.

Example:
Include: Action, In, Modify
Exclude: Computer Account, In, AdminPC
Threshold: 10 Events, 1 Minute, Any Source
Response: Enable email notification

These alerts are triggered when file events are initiated in USB drives.

Define alert responses as required in the Response section. You can choose to dispatch email notifications, execute scripts, block all USB devices from being used in the source machine, or block the USB device that triggered the alert.

Example:
Include: Action, In, File Copied
Exclude: User Object, In, John
Threshold: 50 Events, in 2 Minutes, by Same User
Response: Block all external storage devices

These alerts monitor print requests.

Define alert responses as required in the Response section. You can choose to dispatch email notifications and/or execute scripts.

Example:
Include: Action, In, File Copied
Exclude: User Object, In, John
Threshold: 30 Events, in 30 Minutes, by Same User
Response: Enable Script

This alert detects critical file copy and paste events.

Define alert responses as required in the Response section. You can choose to dispatch email notifications, execute scripts, or move or delete the files.

Example:
Include: Action, In, File Copied
Exclude: User Object, In, John
Threshold: 30 Events, in 2 Minutes, by Same User
Response: Enable Move/Delete

These alerts monitor outgoing emails for potential data leaks.

Define alert responses as required in the Response section. You can choose the User prompt in Active Responses to warn users about policy violations, and/or choose from the Passive Responses, which include dispatching email notifications and executing scripts.

Example:
Include: User Object, In, Mel
Exclude: User Object, In, John
Threshold: 5 Events, in 2 Minutes, by Same User
Response: Enable User prompt, Block

This alert is triggered on the potential upload or download of critical files.

Define alert responses as required in the Response section. You can choose to dispatch email notifications and/or execute scripts.

Example:
Include: Process Name, Contains, Chrome.exe
Exclude: User Object, In, John
Threshold: 20 Events, in 2 Minutes, by Same User
Response: Enable email notification

This alert is triggered when access anomalies are detected in shares.

Define alert responses as required in the Response section. You can choose to dispatch email notifications and/or execute scripts.

Example:
Include: Action, In, File Extension Change
Exclude: User Object, In, None
Threshold: 10 Events, in 1 Minute, by Same User
Response: Enable email notification

In the Response tab of each Alert Profile, configure the follow-up actions that will be initiated immediately after an alert is triggered. Check the boxes to enable the options before configuring them. You can:

1. Enable email notifications: Be notified via email as soon as an alert is triggered. Specify the maximum number of emails sent to your inbox to avoid email fatigue.
2. Customize script responses: Create scripts and define argument parameters to initiate responses as soon as an alert is triggered.
3. Block USBs (only available in the Removable Storage Alert Profiles).
4. Move or delete files (only available in the Clipboard Alert Profiles).
5. Send a prompt to and/or block users from sending emails with files classified as restricted or sensitive (only available in the Email Client Alert Profiles).