Alert Delivery

Choose one or more delivery methods for this alert. Each delivery type can be enabled and configured independently.

E-mail

Send alert notifications to one or more email recipients.

  • Enable email alert – Turns email delivery on or off for this alert.
  • Email Recipients – Enter one or more email addresses. Separate multiple addresses with semicolons.
  • Email Template – Select the template used to format the email notification.
  • Email Priority – Sets the email priority (for example, Normal).

Event Log

Write notification events to the Windows Event Log under the Cygna Auditor source.

  • Enable event log – Turns Event Log delivery on or off for this alert.

File Share

Write alert output to a destination file share. The target server and share must already exist.

  • Enable file share alerts – Turns file share delivery on or off for this alert.
  • Credentials (optional) – Specify an account and password to access the share. If left blank, the scheduler service account is used.
  • Add a file share – Adds a new destination share for this alert.

Microsoft Teams

Deliver alerts to email-enabled Microsoft Teams channels.

  • Enable Microsoft Teams email alert – Turns Teams delivery on or off for this alert.
  • Email Template – Select the template used for the Teams message content.
  • Microsoft Teams Channels – Search and add channels to notify. Enter at least 3 characters to begin searching.

Remote Logging

Send an event to a configured remote logging service (configured under Cygna configuration settings).

  • Enable remote logging – Turns remote logging delivery on or off for this alert.

Smart Alert

Suppress duplicate notifications by requiring repeated events that match selected criteria.

  • Enable smart alerts – Turns smart alert evaluation on or off for this alert.
  • Threshold and window – Only alert when an event occurs at least N times within time window, then suppress for suppress duration.
  • Smart alert event criteria – Choose one or more matching rules:
    • performed by the same user
    • occurring on the same object
    • occurring for the same source
    • events of the same action

Webhook

Send alert notifications to an external system using HTTP requests.

  • Enable webhook – Turns webhook delivery on or off for this alert.
  • Method – Select how the webhook is delivered:
    • POST – Sends a JSON payload containing audit event data (recommended).
    • GET – Calls the URL without a request body (trigger-only use cases).
  • URL – Enter the destination endpoint that will receive the webhook request.
  • Allow untrusted certificates – Allows HTTPS connections to endpoints using self-signed or untrusted TLS certificates (not recommended for production).
  • Send full audit event details – When enabled, sends full event details; when disabled, sends only the columns defined in the report.