Alert Delivery
Choose one or more delivery methods for this alert. Each delivery type can be enabled and configured independently.
Send alert notifications to one or more email recipients.
- Enable email alert – Turns email delivery on or off for this alert.
- Email Recipients – Enter one or more email addresses. Separate multiple addresses with semicolons.
- Email Template – Select the template used to format the email notification.
- Email Priority – Sets the email priority (for example, Normal).
Event Log
Write notification events to the Windows Event Log under the Cygna Auditor source.
- Enable event log – Turns Event Log delivery on or off for this alert.
File Share
Write alert output to a destination file share. The target server and share must already exist.
- Enable file share alerts – Turns file share delivery on or off for this alert.
- Credentials (optional) – Specify an account and password to access the share. If left blank, the scheduler service account is used.
- Add a file share – Adds a new destination share for this alert.
Microsoft Teams
Deliver alerts to email-enabled Microsoft Teams channels.
- Enable Microsoft Teams email alert – Turns Teams delivery on or off for this alert.
- Email Template – Select the template used for the Teams message content.
- Microsoft Teams Channels – Search and add channels to notify. Enter at least 3 characters to begin searching.
Remote Logging
Send an event to a configured remote logging service (configured under Cygna configuration settings).
- Enable remote logging – Turns remote logging delivery on or off for this alert.
Smart Alert
Suppress duplicate notifications by requiring repeated events that match selected criteria.
- Enable smart alerts – Turns smart alert evaluation on or off for this alert.
- Threshold and window – Only alert when an event occurs at least N times within time window, then suppress for suppress duration.
- Smart alert event criteria – Choose one or more matching rules:
- performed by the same user
- occurring on the same object
- occurring for the same source
- events of the same action
Webhook
Send alert notifications to an external system using HTTP requests.
- Enable webhook – Turns webhook delivery on or off for this alert.
- Method – Select how the webhook is delivered:
- POST – Sends a JSON payload containing audit event data (recommended).
- GET – Calls the URL without a request body (trigger-only use cases).
- URL – Enter the destination endpoint that will receive the webhook request.
- Allow untrusted certificates – Allows HTTPS connections to endpoints using self-signed or untrusted TLS certificates (not recommended for production).
- Send full audit event details – When enabled, sends full event details; when disabled, sends only the columns defined in the report.