Set alerts for groups
Background / Value
Employees receive their access rights through group memberships. Especially sensitive groups grant access to secret folders and other important resources. The AD Logga allows you to actively monitor specific AD groups so that you receive an alert when new members are added.
Because group structures in Active Directory are nested, it is important to monitor both direct and indirect group memberships.
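The following sketch is an added illustration, not part of ARM or the AD Logga. It shows why the indirect setting matters: an account added to a nested group gains access without the monitored group's own member list changing. The group names, account names and both snapshots are constructed sample data.

```python
# Constructed sample snapshots: group name -> direct members (accounts or groups).
BEFORE = {
    "Finance-Secret": {"alice", "Finance-Managers"},
    "Finance-Managers": {"bob", "Finance-Leads"},
    "Finance-Leads": {"carol", "Finance-Managers"},  # circular nesting can occur in AD
}
AFTER = {
    "Finance-Secret": {"alice", "Finance-Managers"},
    "Finance-Managers": {"bob", "Finance-Leads"},
    "Finance-Leads": {"carol", "Finance-Managers", "dave"},  # dave added two levels down
}


def effective_members(groups, root):
    """Return every account that is a member of root, directly or through nesting."""
    users, seen, stack = set(), {root}, [root]
    while stack:
        for member in groups.get(stack.pop(), ()):
            if member in groups:            # member is itself a group
                if member not in seen:      # guard against circular nesting
                    seen.add(member)
                    stack.append(member)
            else:
                users.add(member)
    return users


def new_members(before, after, group, include_indirect=True):
    """Members that were added to group between the two snapshots."""
    if include_indirect:
        return effective_members(after, group) - effective_members(before, group)
    # Direct-only view: compare just the group's own member list.
    return after.get(group, set()) - before.get(group, set())


if __name__ == "__main__":
    print("direct only:", new_members(BEFORE, AFTER, "Finance-Secret", False))
    print("direct + indirect:", new_members(BEFORE, AFTER, "Finance-Secret"))
```

With these snapshots the direct-only comparison reports no change, while the direct and indirect comparison reports dave.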
- Use the search to find the desired group.
- Right-click on the group and select "Create alert" from the context menu.
- Enter a title for the alert.
- Select whether only direct or direct and indirect group membership changes (recommended) trigger an alert.
- Choose Actions.
Here you specify which actions are executed when an alert is triggered. You must activate at least one action.
- Activate the option if an email should be sent in case of an alert.
The content of the emails can be customized. This is analogous to the recertification emails.
- The alert is written to the Windows Event Log under the selected category. This option is especially useful if you are using a SIEM system that monitors the Windows Event Log.
- Enable the execution of a script. To be able to activate this option, a script configuration for alerts must exist.
- Activate this option to write the event to a Syslog server. Syslog servers need to be configured in the ARM configuration application under Server > Syslog.
- Choose a category. This is used when writing to the Windows Event Log and for the email subject.
- You must specify a reason for the alert configuration in order to save it.
- Click on "Create".