2.5.3.1. Alert setting

Alerts notify you when a threat or event occurs that you need to be informed of.
There are two types of alerts: "System Alert" and "Security Alert".
  • A System Alert is triggered by system events, such as an Agent going offline (disconnection between the management server and the Agent).

  • Security alerts are triggered by intrusion prevention, firewall, change monitoring, and security log monitoring rules or anti-malware alerts.


There are two types of alert notifications: display on the Operation screen and email notification. Alerts are issued when the status changes (start, change, recovery).
  • Alert Start is issued the first time the alert is raised. To deal with it, either click Delete Alert or restore the correct state on the Agent or on the Operation screen. Until you do so, an Alert Start is NOT issued again.

  • Alert Modification is issued when a status change is confirmed after the Alert Start, such as an Agent being added to or recovering from the relevant event.

  • Alert Restoration is issued when you have performed "Delete Alert" for each event, or resolved the problem by taking action on each Agent or on the Operation screen. It means that the issue has been resolved.

When an alert cannot be sent, "Failure to send an alert" is recorded in the system events. Sending failures usually occur in situations such as a surge of alert notifications, or network and SMTP server problems. Accordingly, we recommend that you regularly check not only alert notifications but also the events on the Operation screen.

2.5.3.1.1. System Alert

With the default settings, alerts for most system events are issued at alert start / change / recovery.
Configure the alert as follows.

  1. Display the alert setting screen as follows.
    • On the menu tab, click "Admin" → "System Settings" → "Alerts", then click the "Display Alert Settings" button.

  2. From the list of alert settings, select the item you want to configure, and right-click it to display its properties.

  3. Change the alert on / off setting and the notification conditions.

Note

Alerts cannot be configured differently for each policy or computer. Configuration changes made to the properties of one alert apply to the overall configuration.



2.5.3.1.2. Security Alert

Alerts for the detection of security-related events are not sent by default.
There are two ways to configure security alerts: per security function or per rule.

2.5.3.1.2.1. Alert settings for each security function

Open the properties of the respective security alert (for example, Intrusion Prevention Rule Alert) and change the option settings as shown below.

  1. Display the properties of each of the following security alerts from the list of alert settings, using the method described in the referenced section (notificationsetting).
    • "Anti-Malware Alert"
    • "Intrusion Prevention Rule Alert"
    • "Firewall rule alert"
    • "Change monitoring rule alert"
    • "Security log monitoring rule alert"

  2. Tick the Alert for all rules (Regardless of rules settings) checkbox.
  3. Click the OK button.

2.5.3.1.2.2. Alert settings for each rule

Change the option settings by displaying the properties of the respective rule.

  1. Display the properties of the rule to be changed from the list of rules under "Policy" → "Common Object" → "Rule".

  2. Click the Option tab.

  3. Turn ON the Alert checkbox.
  4. Click the OK button.