Set alerts for OUs/domains
Background / Value
Sometimes it is not just a single group or user that is particularly security-relevant, but an entire OU or domain. In these cases, you can configure alerts for entire OUs/domains, e.g. when a group membership is changed, a password is reset or an account is locked.
Step-by-step process
- Select Resources.
- Navigate to the desired domain, OU or container. You can alternatively use the search to find the desired AD object. Right-click on it and select "Create alert" from the context menu.
Select one of the following event types that can trigger the alert:
- Account locked
- Group membership changed
- Password reset
You can set a threshold if needed.
- Choose Actions.
Here you specify which actions are executed when an alert is triggered. You must activate at least one action.
- Activate the option if an email should be sent in case of an alert.
The content of the emails can be customized. This is analogous to the recertification emails.
- The alert is written to the Windows Event Log, using the category you choose. This option is especially useful if you are using a SIEM system.
- Enable the execution of a script. To activate this option, a script configuration for alerts must be stored.
- Activate this option to write the event to a Syslog server. Syslog servers need to be configured in the ARM configuration application under Server > Syslog.
Choose a category. This is used when writing to the Windows Event Log and for the email subject.
- You must specify a reason for the alert configuration in order to save it.
- Click on "Create".