Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Workgroup configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Configuration
- Certificate Authority Configuration
- Gateway Configuration in Endpoint
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Gateway Server Failover
- Two-way SSL configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- Cloud Access Reports
- Application Insights
- Shadow Cloud Application Reports
- Banned Cloud Application Reports
- File Upload & Download Reports
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Policy Configuration
Release notes
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Known issues and limitations
- Known errors and solutions
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
Configuring alerts in the Risk Analysis module
Users can configure an alert to trigger email notifications when content that matches the alert's conditions is found in your data repository. The alert conditions you can configure include the File Name, Location, File Type, File Owner, and Policy. The notifications will be triggered every time DataSecurity Plus finds a file containing content that matches the alert conditions.
The triggered alert notification will include details on the file name, location, risk score, matched policies, number of occurrences within the file, and more.
The default alert profile
You can find and edit the default alert profile by following the steps below:
- Select Risk Analysis from the modules drop-down.
- Go to Configuration > Data Discovery Settings > Alert Profile.
- The Configured Alert Profiles page shows the built-in alert rule offered by DataSecurity Plus.
- Click the edit icon next to the default alert profile.
- Update details such as the data source, severity, description, and conditions for the alert based on your requirements.
- Click Save.
Creating and editing alerts
A) Creating alerts
Alerts allow users to inform stakeholders whenever a file containing high-value content is found. An alert profile can be used to:
- Ensure data subjects' access requests are met.
- Find all the locations where proprietary information is stored.
- Locate employees' or customers' personal information.
To create new alert profiles, follow these steps:
- Select Risk Analysis from the modules drop-down.
- Go to Configuration > Data Discovery Settings > Alert Profile.
- Click the Create Alert button in the top-right corner.
- Name the alert profile and include an appropriate description.
- Select the data source for which you want to configure the alert.
- Choose the alert severity.
- In the Criteria section, use the following tabs to narrow down the criteria that trigger an alert:
- 7.1. Use the Include tab to provide details on when to trigger an alert.
- 7.2. Use the Response tab to configure the actions below:
- Click Email > Enable email notification.
- Provide the email addresses that you wish to send the alert email to. Separate the addresses with commas. Ensure that there are no spaces in the email addresses.
- Assign a Priority level to the email.
- Personalize the email by providing a Subject and Message. By using the Customize option next to each, you can include alert details such as the policy name and file name.
- If necessary, you can limit the number of emails that will be sent to each recipient by configuring an appropriate value in the Send a maximum of section. For instance, you can configure it to Send a maximum of = 1 = mail(s) in = 1 = Hour(s), ensuring that one email is sent each hour when rule-matching content persists.
- Click Script > Enable Script.
- In the Script Files field, select the script of your choice. You can choose from the built-in scripts or create your own.
- In the Arguments field, select the arguments you wish to pass in the intended order of execution.
- Once you have chosen one or multiple responses, click Save.
7.2.1. To send an email notification to a stakeholder:
7.2.2. To automate a response action when the alert is triggered:
For example, to move a particular sensitive file to a different location, configure the alert settings using the details below.
Include: Policy = Equals = PCI DSS
Location = Contains = Sebastian
Script Files: Movefile (custom script)
Arguments: File Name and Location
You can find a report with details about the triggered alerts under Risk Analysis > Reports > Record Details > Alert Records.
B) Editing alerts
To edit existing alert profiles, follow the steps below:
- Select Risk Analysis from the modules drop-down.
- Go to Configuration > Data Discovery Settings > Alert Profile.
- On the Configured Alert Profiles page, within the Actions column, click the edit icon next to the alert you want to edit.
- Update the profile's Include and Response criteria with the required changes.
- Click Save. The alert profile will be modified.
Automated alert responses
Users can instruct the Risk Analysis module to execute a scripted response action when an alert is triggered. For this, you must link the desired script file in the Script Files field while configuring alerts. These script files can be PowerShell files, VBScript files, executables, and batch files. These will be executed based on the defined conditions.
To target these commands, configure one or more Arguments to provide the necessary inputs in the commands. The selected parameters will be replaced in the commands by the corresponding values from the alert event.
Arguments and their descriptions
The arguments below can be used based on the alert profile configured.
Argument | What it refers to | Example (How it will be displayed in the alert notification) |
Policy | The name of the data discovery policy that the data matches | GDPR Policy |
File Name | The name of the file for which the alert was triggered | GDPRdata.txt |
Location | The network path of the file containing the rule-matching content | \\DSPDEMO\Test\Exclude.txt |
File Type | The extension of the file containing the rule-matching content | .txt |
File Owner | The owner of the file containing the rule-matching content | dsp\administrator |
Example of a notification email for a triggered alert
Generating a password for alert scripts
We recommend generating an encrypted password for your script files, which is used for authentication when executing the intended scripts. To set a password, follow these instructions:
- Navigate to [installation_directory]\bin\alertScripts > helper folder.
- Execute the generatePassword.bat script to set up authentication.
- In the Windows PowerShell credentials request window, enter your PowerShell credentials beside the User name and Password fields to generate an encrypted password. Ensure that you give the correct password to authenticate the server.
- Click OK.
Disabling and deleting alerts
A) Disabling alerts
You can disable an alert to temporarily stop it from being triggered. To disable an existing alert:
- Select Risk Analysis from the modules drop-down.
- Go to Configuration > Data Discovery Settings > Alert Profile.
- On the Configured Alert Profiles page, within the Actions column, you'll find a green icon indicating the target alert's active status. Click the green icon to disable that alert.
B) Deleting alerts
To delete an existing alert:
- Select Risk Analysis from the modules drop-down.
- Go to Configuration > Data Discovery Settings > Alert Profile.
- On the Configured Alert Profiles page, select the alert profiles that you want to delete and click the delete icon. The selected alerts will be deleted.
For more information on configuring alerts in DataSecurity Plus, refer to this guide.