Configure alerts
Alerts are generated when Workload Security requires your attention, such as an administrator-issued command failing, or a hard disk running out of space. Workload Security includes a predefined set of alerts (see Predefined alert definitions). Additionally, when you create protection module rules, you can configure them to generate alerts if they are triggered.
There are several ways to see which alerts have been triggered:
- They are displayed in the Alert Status dashboard widget in the Workload Security console.
- They are displayed on the Alerts page in the Workload Security console (see View alerts in Workload Security).
- You can get an email notification when an alert is triggered (see Set up email notification for alerts).
- You can generate alert reports (see Generate reports for alerts and other activity).
View alerts in the Workload Security console
The Alerts page in the Workload Security console displays all alerts that have been triggered, but not yet responded to. You can display alerts in a summary view that groups similar alerts together, or in list view, which lists all alerts individually. To switch between the two views, use the menu next to Alerts in the page's title. You can also sort the alerts by time or by severity.
In summary view, expanding an Alert panel (by clicking Show Details) displays all the computers (or users) that have generated that particular alert. Clicking the computer displays the computer's Details. If an alert applies to more than five computers, an ellipsis ( ... ) appears after the fifth computer. Clicking the ellipsis displays the full list. Once you have taken the appropriate action to deal with an alert, you can dismiss the alert by selecting the check box next to the target of the alert and clicking Dismiss. In list view, right-click the alert to see the list of options in the context menu.
Alerts that cannot be dismissed (such as "Relay Update Service Not Available") are dismissed automatically when the condition no longer exists.
In cases where an alert condition occurs more than once on the same computer, the alert shows the timestamp of the first occurrence of the condition. If the alert is dismissed and the condition reoccurs, the timestamp of the first reoccurrence is displayed.
You can use the Computers filtering bar to view only alerts for computers in a particular computer group, with a particular policy, and so on.
Unlike security events and system events, alerts are not purged from the database after a period of time. Alerts remain until they are dismissed, either manually or automatically.
Configure alert settings
To configure the settings for individual alerts, go to the Alerts page in the Workload Security console and click Configure Alerts. This displays a list of all alerts. A green check mark next to an alert indicates that it is enabled. An alert is triggered if the corresponding situation occurs, and it appears in the Workload Security console.
You can select an alert and click Properties to change other settings for the alert, such as the severity level and email notification settings.
The following is part of a controlled release and is in Preview. Content is subject to change.
For any "Unable to communicate" alerts, to exclude information about desktop machines, select the option Do not send email notifications when this alert condition occurs on Desktop OSs. For this alert, desktop operating systems are defined as Windows (versions 7, 8, 8.1, 10, and 11) and macOS (versions 10.15, 11, 12, and 13).
Set up email notification for alerts
Workload Security can send emails to specific users when selected alerts are triggered.
To enable email notifications:
Enable or disable alert emails
- Go to the Alerts page and click Configure Alerts to display the list of alerts.
- A green check mark next to an alert indicates that it is enabled. An alert is triggered if the corresponding situation occurs, and it appears in the Workload Security console. If you also want to receive email about the alert, double-click the alert to display its Properties, then select at least one Send Email option.
Configure an individual user to receive alert emails
For accounts created before 2021-08-04:
- Go to Administration > User Management > Users and double-click a user account to display its Properties.
- On the Contact Information tab, enter an email address and select Receive Alert Emails.
For accounts created on or after 2021-08-04:
- Open Workload Security User Properties at the top of the screen.
- On the Contact Information tab, select Receive Alert Emails.
Configure recipients for all alert emails
- Go to Administration > System Settings > Alerts.
- For Alert Email Address (the email address to which all alert emails should be sent), provide an email address or a distribution list email address.
Note that all alert emails are sent to this address or email distribution list, even if the recipients have not been set up in their user account properties to receive email notifications.