Introduction to the Alerts
The Alerts report shows all the rule violation incidents (triggered by the regular Rules) and any anomalies (triggered by the Anomaly Rules). The report shows the date/time the incident happened, which user was involved, what policy and rule were violated, what action was taken by the system and a description of the incident (i.e. what applications the employee was using and what triggered the alert).
The report also shows a trend graph for the number of alerts triggered over the period. Like all other reports, you can view a session recording of an alert incident by clicking the movie camera icon on the Employee column. Same way, you can also export an alert report or schedule it for auto delivery to selected email addresses. Check out the Performing Common Reporting Tasks section to learn how to perform these common report actions.
Accessing the Alerts Menu
- Hover your mouse over the BEHAVIOR menu, then
- Select Alerts from the sub-menu.
Applying the Alert Filters
- There are multiple ways to filter the Alerts report. You can do so by using the drop-down menus located at the top-left corner of the report. You can filter by Policy, Severity, Tags or Actions. This is helpful if you have many alerts and wanted to narrow down the list.
Showing / Hiding Alert Triggers
- You can use the SHOW TRIGGERS button to toggle the display of additional information about a rule violation incident. When triggers are turned on, the Display column will show additional information such as what part of the rule condition was trigger and for which activity or content.