Security alerts are real-time alerts that inform about events related to data security. They are sent immediately after an incident occurs.
For now, this article applies only to Safetica hosted on-premises.
Please note that in Safetica, the following alerts are missing and will not be sent, even if you select them in the list:
- External device connection blocked (will be available in the near future)
Security alerts are real-time alerts that are sent immediately after an incident occurs.
For some security alerts, you can specify to which data classifications or external devices they will apply. Just click Any data category or All external devices. If no preference is specified, the alert will apply to all classifications and external devices.
Here is an explanation of some of the security alerts:
Alert | Description |
DLP policy violation |
For this alert, specify a data classification (or choose Any data classification), and any DLP incident related to a file that is classified with this data classification will trigger the alert. The alert may be sent once per 10 minutes. If there are more incidents in that time period, only one alert is sent. DLP policy violation alerts can be sent for the following policy actions: Log, Notify, Block, and Block (with override) |
Cumulative DLP policy violation |
Similar to the previous alert but this one is triggered when a user violates a policy 10 times. The alert is sent once per day, and the counter resets at midnight. |
Unprotected sensitive data leaving the endpoint |
This alert is triggered when 10 classified files that were not protected by any policy leave the device. The alert is applied to files with sensitive content - you can set it for selected data classification(s) only. The alert is sent once per day, and the counter resets at midnight. |
Unprotected sensitive data leaving the endpoint to a specific destination |
This alert is triggered when 10 classified files that were not protected by any policy leave to a single* destination. The alert is sent once per day, and the counter resets at midnight. |
Website and Application access denied |
Alerts operations blocked by website and application policies. If a user tries to access a blocked application or website, an alert is immediately sent. |
*What Safetica considers to be a single destination:
- files sent to one email address
- files sent to one website
- files sent to one USB drive
- files sent to one cloud service (web interface or sync client)
- files sent to any instant messaging application
- files sent to any printer (physical or virtual)