Alerting
Are you enjoying reports but want to be notified about some actions immediately? Take advantage of alert notifications to ensure your response team never misses a security incident and keeps tabs on the most critical pieces of your business infrastructure such as changes to Azure AD admin rights or activity in folders containing personal or card payment data.
Depending on your company change control policies and revision routines, it can take days to discover an issue using regular reviews with Auditing or Reports. Alerts look for the same data as reports but notify you as soon as the action occurs. Sent directly to email, alerts warn your authorized personnel about a possible threat once the triggering action occurs and is processed by the product. Additionally, alerts can remotely feed data to SIEM systems such as Splunk and various syslog-compatible solutions.
Cygna Auditor's flexible configuration enables you to tailor alerts to your organization's specific needs and be notified of the changes that matter to you the most, while reviewing less important changes in due course. You can enable alerting for any built-in report, or you can create a custom report and set notifications for it.
Note: To be able to send alert notifications, configure SMTP settings. On the product home page, navigate to Configuration / System and complete the fields.
To enable alerting:
- Navigate to Reports.
- Expand options next to a report and select Alerts.
- On the Smart Alerts tab, turn on smart alerting if you want to receive alerts only when a certain condition is met. Generally, the alert is sent every time the event occurs. With smart alerts, you can configure rules to trigger an alert notification. For example, when monitoring failed logon attempts, configure Cygna Auditor to send an alert when an event happens five times within two minutes and then suppress notifications for 3 minutes.
  Add criteria for sending alerts, for example, push alerts only when the event is performed by the same user or on the same object.
- On the Notifications tab, specify email recipients who should be warned if the action occurs.
- On the Remote Logging tab, enable pushing events to a remote logging SIEM system (e.g., Splunk).
- On the Event Log tab, enable writing alert events to Windows Event Log.
- On the Teams Notification tab, enable Teams alerts and specify a channel. Make sure you have an active Microsoft 365 subscription.
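
The smart alert rule from the Smart Alerts step (five events within two minutes, then three minutes of suppression, evaluated per user), as an added Python example. It is not Cygna Auditor code: the class and function names are hypothetical, the failed-logon events are constructed, and it assumes events arriving during suppression are dropped rather than counted toward the next alert.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class SmartAlertRule:
    """Hypothetical threshold-and-suppress rule, tracked per key (e.g. user)."""

    def __init__(self, threshold=5, window=timedelta(minutes=2),
                 suppress=timedelta(minutes=3)):
        self.threshold = threshold
        self.window = window
        self.suppress = suppress
        self._recent = defaultdict(deque)  # key -> timestamps inside the window
        self._muted_until = {}             # key -> end of suppression period

    def observe(self, key, ts):
        """Record one event; return True if it should trigger a notification."""
        muted_until = self._muted_until.get(key)
        if muted_until is not None and ts < muted_until:
            return False  # assumption: suppressed events are dropped, not counted
        recent = self._recent[key]
        recent.append(ts)
        while ts - recent[0] > self.window:  # expire events outside the window
            recent.popleft()
        if len(recent) >= self.threshold:
            recent.clear()  # start counting afresh after the alert
            self._muted_until[key] = ts + self.suppress
            return True
        return False


def run(events, rule=None):
    """Feed time-ordered (timestamp, user) pairs; return those that alert."""
    rule = rule or SmartAlertRule()
    return [(ts, user) for ts, user in events if rule.observe(user, ts)]


# Constructed sample data (failed logons), not real audit output.
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE = sorted(
    [(T0 + timedelta(seconds=10 * i), "alice") for i in range(8)]      # fast burst
    + [(T0 + timedelta(seconds=45 * i), "bob") for i in range(5)]      # too slow
    + [(T0 + timedelta(minutes=4, seconds=5 * i), "alice") for i in range(5)]
)

if __name__ == "__main__":
    for ts, user in run(SAMPLE):
        print(f"ALERT {ts:%H:%M:%S} failed-logon burst for {user}")
```

Grouping by user means one account's burst raises a single notification per suppression period, while slower activity spread across the window (the "bob" events here) never reaches the threshold and remains visible only in the regular report.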