How to set up alerts and get notified about security incidents in Safetica hosted on-premises

Set up alerts for selected incidents related to data security, user behavior, and the service state of the product. Be notified about these issues either via email or in Safetica Maintenance Console.

For now, this article applies only to Safetica hosted on-premises.

Information about alerts for cloud-hosted Safetica can be found here.

To set up alerts for incidents happening in your environment, you need the companion Safetica Maintenance Console.

In this article, you will learn:

  - Introduction: Why use alerts
  - How to set up a new alert
  - What are action triggers
  - What can you see in the Records view

Introduction: Why use alerts

Being informed about data loss, insider threats, and risks is the key to mitigating and reacting to these events. To get notified about significant events in data auditing, configure real-time or periodic alerts. Alerts are sent immediately after the operation that triggered them or daily just after midnight.


How to set up a new alert

To set up a new alert:

  1. Open the Safetica Maintenance Console and click Alerts in the upper menu. Alerts are set up for the server selected in the user tree on the left.
  2. Click the Settings view and then the New rule button. For each alert set, you can:
     a. Specify its name and description.
     b. Select which alerts will be sent (you can select multiple alerts from the lists). Alerts are divided into three main categories:
        1. Security alerts
        2. Service alerts
        3. Informative alerts
     c. Specify the users, groups, or devices for which the alert will be active.
     d. Optionally, set up a connection to your SIEM or to servers that support Syslog. Learn more about sending your alerts to SIEM here.
     e. Enter one or more email addresses that will receive the alert.

        To send alerts via email, you must configure an SMTP server in Profile > Server settings > Outgoing (SMTP) mail server.

        If you do not enter any email addresses, the alerts will be shown in Safetica Maintenance Console instead. A number above the Alert icon shows how many alerts are unread.

     f. In the last step of the configuration, click Finish, and the newly created alert set will be added to the alert list.
  3. To save the changes, click the button in the upper right.
  4. If a user performs an action that triggers an alert, the alert is sent. Its record also appears in the Records view of the Alerts section.


What are action triggers

In the Action triggers section, you can configure a command or script to run with particular arguments in a selected folder whenever an alert fires. The command is run on the device and under the account of the user who caused the incident, so it executes with that user's privileges rather than the server's. These settings apply to the entire server.


What can you see in the Records view

All alerts are recorded, and you can see them in the Records view of the Alerts section.

Records of alerts in Safetica Maintenance Console are visible only to the admin who created the alert.

In the upper part of the view, there are statistics and charts. In the bottom part, there is a list of generated alerts. Click a statistic in the upper part, and the bottom part will display only the relevant alerts. New alerts that have not yet been displayed are highlighted.