View and edit alarm policies
Users with administrator access can view and edit pre-defined log policies, and then apply specific trigger criteria and subsequent actions for designated network events and activity.
- In Threat Monitor, navigate to Admin > Alarm Policies.
- To view or edit a policy, click to expand a policy category, and then click to select a policy.
- Adjust your filters, subsequent actions, and additional parameters, and then click Save.
In the example below, the rule policy is configured to trigger after two incorrect password attempts, and then after 40 attempts within a five-minute span. Additional actions include an active response after 100 hits in 10 minutes, and then after 1000 hits within 10 hours.
To specify the email template used for each alarm, navigate to Alarms > Alarm Categories.