Configuring alerts in the Risk Analysis module

A) Creating alerts

Alerts allow users to inform stakeholders whenever a file containing high-value content is found. An alert profile can be used to:

• Ensure data subjects' access requests are met.
• Find all the locations where proprietary information is stored.
• Locate employees' or customers' personal information.

To create new alert profiles, follow these steps:

• Select Risk Analysis from the modules drop-down.
• Go to Configuration > Data Discovery Settings > Alert Profile.
• Click the Create Alert button in the top-right corner.
• Name the alert profile and include an appropriate description.
• Select the data source for which you want to configure the alert.
• Choose the alert severity.
• In the Criteria section, use the following tabs to narrow down the criteria that trigger an alert:
• 7.1. Use the Include tab to provide details on when to trigger an alert.
• 7.2. Use the Response tab to configure the actions below:

7.2.1. To send an email notification to a stakeholder:

• Click Email > Enable email notification.
• Provide the email addresses that you wish to send the alert email to. Separate the addresses with commas. Ensure that there are no spaces in the email addresses.
• Assign a Priority level to the email.
• Personalize the email by providing a Subject and Message. By using the Customize option next to each, you can include alert details such as the policy name and file name.
• If necessary, you can limit the number of emails that will be sent to each recipient by configuring an appropriate value in the Send a maximum of section. For instance, you can configure it to Send a maximum of = 1 = mail(s) in = 1 = Hour(s), ensuring that one email is sent each hour when rule-matching content persists.

7.2.2. To automate a response action when the alert is triggered:

• Click Script > Enable Script.
• In the Script Files field, select the script of your choice. You can choose from the built-in scripts or create your own.
Note: All script files, including custom-created ones, should be located in the <installation_directory>\bin\alertScripts folder for DataSecurity Plus to execute them.
• In the Arguments field, select the arguments you wish to pass in the intended order of execution.
Note: The Sample command-line format of the script text box illustrates the sequence in which the arguments will be executed.

For example, to move a particular sensitive file to a different location, configure the alert settings using the details below.

Include: Policy = Equals = PCI DSS

Location = Contains = Sebastian

Script Files: Movefile (custom script)

Arguments: File Name and Location

• Once you have chosen one or multiple responses, click Save.

You can find a report with details about the triggered alerts under Risk Analysis > Reports > Record Details > Alert Records.

B) Editing alerts

To edit existing alert profiles, follow the steps below:

• Select Risk Analysis from the modules drop-down.
• Go to Configuration > Data Discovery Settings > Alert Profile.
• On the Configured Alert Profiles page, within the Actions column, click the edit icon next to the alert you want to edit.
• Update the profile's Include and Response criteria with the required changes.
• Click Save. The alert profile will be modified.

Automated alert responses

Users can instruct the Risk Analysis module to execute a scripted response action when an alert is triggered. For this, you must link the desired script file in the Script Files field while configuring alerts. These script files can be PowerShell files, VBScript files, executables, and batch files. These will be executed based on the defined conditions.

To target these commands, configure one or more Arguments to provide the necessary inputs in the commands. The selected parameters will be replaced in the commands by the corresponding values from the alert event.

Arguments and their descriptions

The arguments below can be used based on the alert profile configured.

Example of a notification email for a triggered alert

Generating a password for alert scripts

We recommend generating an encrypted password for your script files, which is used for authentication when executing the intended scripts. To set a password, follow these instructions:

• Navigate to [installation_directory]\bin\alertScripts > helper folder.
• Execute the generatePassword.bat script to set up authentication.
• In the Windows PowerShell credentials request window, enter your PowerShell credentials beside the User name and Password fields to generate an encrypted password. Ensure that you give the correct password to authenticate the server.
• Click OK.
Note: The files relating to password generation will be generated in the helper folder in the [installation_directory]\bin\alertScripts path. For proper functioning of the generated password script file, we recommend that you do not move the helper folder and its files from this location.

Disabling and deleting alerts

A) Disabling alerts

You can disable an alert to temporarily stop it from being triggered. To disable an existing alert:

• Select Risk Analysis from the modules drop-down.
• Go to Configuration > Data Discovery Settings > Alert Profile.
• On the Configured Alert Profiles page, within the Actions column, you'll find a green icon indicating the target alert's active status. Click the green icon to disable that alert.

B) Deleting alerts

To delete an existing alert:

• Select Risk Analysis from the modules drop-down.
• Go to Configuration > Data Discovery Settings > Alert Profile.
• On the Configured Alert Profiles page, select the alert profiles that you want to delete and click the delete icon. The selected alerts will be deleted.