Documentation for Access Rights Manager

Set alerts for OUs/domains

AD Logga allows you to monitor the password reset process for groups and users. However, organizational units (OUs) and domains require security monitoring as well.

You can configure alerts for OUs and domains. For example, ARM can send you an alert when a group membership changes, a password is reset, or an account is locked in your organization.

Create an alert

  1. Log in to the Access Rights Manager application.

  2. Click Resources in the toolbar.

  3. Navigate to the targeted domain, OU, or container. Use the Search field if necessary to locate the targeted Active Directory object.

  4. In the Resources screen, right-click the targeted domain, OU, or container and select Create alert.

  5. In the Create Alert screen, click the drop-down arrow and select an event type that can trigger an alert.

  6. In the toolbar, select Threshold.

  7. If you need an alert for a set number of events within a set period of time, create a threshold setting. Otherwise, go to the next step.

    When you are finished, your threshold settings display at the bottom of the screen.

  8. In the toolbar, select Actions.

  9. Select at least one action that executes when an alert is triggered.

    1. If an email should be sent when an alert is triggered, select the Send email checkbox and complete the fields.

      The content of the emails can be customized in the same way as the recertification emails.
    2. To write the alert to the Windows Event Log using the selected category, select the Write to Windows event log checkbox.

      This option is useful if you are using a security information and event management (SIEM) tool that monitors the Windows Event Log.
    3. To execute a script, select the Execute script checkbox.

      To activate this option, configure a script for alerts. See Configure scripts for instructions.

    4. To write the event to a syslog server, select the Write to SysLog checkbox.

      The syslog server must be configured in the ARM Configuration application. See Set the syslog servers for instructions.
    5. Under Category, click the drop-down menu and select the category to use when writing to the Windows Event Log and when selecting the email subject.

    6. (Required) Enter a reason for the alert configuration.

    7. Click Create.
