Alerting

Are you enjoying reports but want to be notified about some actions immediately? Take advantage of alert notifications to ensure your response team never misses a security incident and keeps tabs on the most critical pieces of your business infrastructure, such as changes to Azure AD admin rights or activity in folders containing personal or card payment data.

Depending on your company's change control policies and revision routines, it can take days to discover an issue using regular reviews with Auditing or Reports. Alerts look for the same data as reports but notify you as soon as the action occurs. Sent directly to email, alerts warn your authorized personnel about a possible threat once the triggering action occurs and is processed by the product. Additionally, alerts can remotely feed data to SIEM systems such as Splunk and various syslog-compatible solutions (see Remote Logging).

Cygna Auditor's flexible configuration enables you to tailor alerts to your organization's specific needs, so that you are notified of the changes that matter to you the most while reviewing less important changes in due course. You can enable alerting for any built-in report, or create a custom report and set notifications for it.

QUICK TIP: Don't have access to alerts? You are missing required permissions. Discuss your permission set with Cygna Auditor's global administrator.

Note: To be able to send alert notifications, configure SMTP settings. On the product home page, navigate to Configuration / System Configuration and complete the fields. For more information, see Notifications.

QUICK TIP: Not sure what alerts you need? Try asking yourself, "What is the most important piece of my business environment? What changes have the highest impact from both the security and operability points of view?"
For example, creating a new user in Active Directory is a relatively routine task that does not require supervision or immediate response. By contrast, adding a user to the Domain Admins group may have a great impact on your domain operability and security. Such changes should be carefully reviewed and approved by authorized personnel as soon as they occur.

To enable alerting:

  1. Navigate to Reports.
  2. Expand options next to a report and select Alerts.
  3. Specify email recipients who should be warned if the action occurs. Additionally, you can push events to a remote logging SIEM system (e.g., Splunk) or to the Event Log.