Create an alarm policy

Users with administrator access can create alarm policies to target and identify specific network activity.

1. In Threat Monitor, navigate to Event Logs > Default.
2. To group and view high-level facets of the current data set, click Analyze Results.
3. In one of your facet groups, click the search icon to expose the search criteria icons .

   

4. Identify the facet on which you would like to base your alert, and then click the Add to Search Criteria icon .
5. Copy the value from the search query field to paste into your new alarm policy.
6. In Threat Monitor, navigate to Alarms > Alarm Policies, and then click New.
7. Enter a name for your new alarm policy.
8. From the drop-down list, select a category. Select an appropriate category so Threat Monitor can group the event accordingly in views, dashboards, and facet groupings.
9. From the drop-down list, select a company to assign the alarm, and then click Save.
10. To build your policy, click Add level 1 rule.
11. Enter a name for your alarm policy rule.
12. In the filters field, paste the search value you copied from the event logs.
13. From the drop-down list, select an action (Do nothing, log alarm only, log alarm and generate email).
14. Set your occurrence and time frame. This is the number of events that happen within a designated time before the alarm action triggers.
15. Click Save.

Learn about creating multi-level rules here.