Enable alerts for file server directories

Monitor targeted safety-critical directories by defining directory-specific alerts. Should an access be made to a security-relevant directory, ARM sends an alert to the data controller.

Create an alert

1. Log in to the Access Rights Manager application.

2. Click Resources in the toolbar.

3. Expand File server. Configured alerts display with a bell symbol.

   

4. Choose an action:

   • Right-click a resource and select Create alert to create a new alert.

   • Right-click a resources and select Manage alerts to customize or delete existing alerts.

5. Under Alert Name, enter a name for this alert configuration.

   

6. Define the events that trigger an alert.

   

7. (Optional) Create a blacklist that defines all users who are not considered for the alert. Otherwise, go to the next step.

   Each alert configuration has its own blacklist configuration.
   You can only add users, not groups.

   1. Click Blacklist Users.

      

   2. Use the Search function to find available users for your blacklist

      

   3. Double-click or drag-and-drop to add users to the blacklist.

      

   4. Click Apply.

8. (Optional) Create a blacklist that defines all directories that are not considered for the alert. Otherwise, go to the next step.

   1. Click Blacklist Directories.

      

   2. Use the filter function to find the target directories. When you filter, the tree view changes to a result list of the directory paths.

      

   3. Double-click or drag the directory to the blacklist.

      

   4. Click to enable or disable monitoring the subdirectories. To remove a directory from the blacklist, select the directory and press Delete.

   5. Click Apply.

9. Click Actions.

   

10. Select at least one action that executes when an alert is triggered.

    1. If an email should be sent when an alert is triggered, select the Send email checkbox and complete the fields.

       The content of the emails can be customized. This is analogous to the recertification emails.

       

    2. To write the alert to the Windows Event Log using this categorization, select the Write to Windows event log checkbox.

       

       This option is useful if you are using a security information and event management (SIEM) tool that monitors the Windows Event Log.

    3. To execute a script, select the Execute script checkbox.

       

       To activate this option, configure a script for alerts. See Configure scripts for instructions.

    4. To write the event to a syslog server, select the Write to SysLog checkbox.

       

       The syslog server must be configured in the ARM Configuration application. See Set the syslog servers for instructions.

11. Under Category, click the drop-down menu and select a category used when writing to the Windows Event Log and selecting the email subject.

    

12. (Required) Enter a reason for the alert configuration.

    

13. Click Create.

See the following sections for more information.

• Enable alerts for suspected data theft (file server)

• Enable alerts for data deletion (file server)

• Enable alerts for suspected cases on ransomware (file server)

• Manage alerts