Table of contents
Topics on this page
View alerts in the Workload Security console
Configure alert settings
Set up email notification for alerts
Turn on or off alert emails
Configure an individual user to receive alert emails
Configure recipients for all alert emails

Configure alerts

Workload Security generates alerts when it requires your attention, such as an administrator-issued command failing, or a hard disk running out of space. Workload Security includes a predefined set of alerts (see Predefined alert definitions). When you create protection module rules, you can configure them to generate alerts.

There are several ways to see which alerts have been triggered:

View alerts in the Workload Security console

The Alerts page in the Workload Security console displays all triggered alerts that have not been responded to. You can display alerts in a summary view that groups similar alerts together, or in list view which lists all alerts individually. You can also sort the alerts by time or by severity.

If an alert occurs more than once on the same computer, the alert shows the timestamp of the first occurrence. If the condition reoccurs after dismissing the alert, the timestamp of the first reoccurrence is displayed.

  1. To view only alerts for a specific computer, computers in a group, or with a particular policy, use the Computers filter.
  2. In list view, right-click the alert to see the list of options.
  3. In the summary view, click Show Details to display all the computers and users that generated that particular alert.
  4. If an alert applies to more than five computers, an ellipsis (...) appears after the fifth computer. Click the ellipsis to display the full list.
  5. Click the computer to display Details.
  6. After you take the appropriate action for an alert, select the target and click Dismiss.

Alerts that you cannot dismiss are automatically dismissed when the condition(s) that triggered them no longer exists.

Unlike security events and system events, the database does not purge alerts after a period of time. Alerts remain until dismissed, whether manually or automatically.

Configure alert settings

Configure the settings for individual alerts: 1. On the Alerts page, click Configure Alerts to display a list of all alerts.

Enabled alerts have a green checkmark. Workload Security generates an entry under **Alerts** whenever an enabled alert has its condition(s) met.
{: .note }
  1. Select an alert and click Properties to turn the alert on or off, or to change its severity level or email notification settings.
  2. To exclude information about desktop machines, select Do not send email notifications when this alert condition occurs on Desktop OSs. For this alert, desktop operating systems are defined as Windows (versions 7, 8, 8.1, 10, and 11) and macOS (version 10.15, 11, 12, and 13).

This option is part of a controlled release and is in Preview. Content is subject to change.

Set up email notification for alerts

Workload Security can send emails to specific users when specified alerts are triggered. To enable email notifications, choose any of the following procedures: - Turn on or off alert emails. - Configure an individual user to recieve email alerts. - Configure recipients for all alert emails.

Turn on or off alert emails

  1. On the Alerts page, click Configure Alerts to display the list of alerts. A check mark next to an alert indicates that it is enabled. If the defined situation occurs, it triggers an alert.
  2. Double-click an alert to display the Properties.
  3. Select at least one Send Email.

Configure an individual user to receive alert emails

  1. Access user properties:
  2. For accounts created before 2021-08-04, go to Administration > User Management > Users and double-click a user account.
  3. For accounts created on or after 2021-08-04, go to Workload Security User Properties.
  4. For access from the Dashboard, click Edit properties on User Summary for the past 30 days.
  5. On the Contact Information tab, enter an email address.
  6. Select Receive Alert Emails.

Configure recipients for all alert emails

Even if recipients do not have their user account properties set to receive email notifications, this setting sends them all email alerts.

  1. Go to Administration > System Settings > Alerts.
  2. Enter an email address for Alert Email Address - The email address to which all alert emails should be sent.