Set alerts for user accounts
AD Logga allows you to monitor the password reset process. Within this process, there is an inherent security risk. For example, if a help desk employee secretly resets the password of a manager or executive, the employee can sign on with a temporary password and gain access to sensitive information. In this scenario, the designated users are informed.
-
Log in to the Access Rights Manager application.
-
Click Accounts in the toolbar.
-
In the Search field, enter a search term to locate the desired user.
-
Right-click on the user and select Create alert.
-
Under Alert Name, enter a name for the alert.
-
Click the drop-down menu and select an event type that triggers the alert.
-
Click Actions.
-
Select at least one action that will execute when an alert is triggered.
-
If an email should be sent when an alert is triggered, select the Send email checkbox and complete the fields.
The content of the emails can be customized. This is analogous to the recertification emails. -
To write the alert to the Windows Event Log using this categorization, select the Write to Windows event log checkbox.
This option is useful if you are using a security information and event management (SIEM) tool that monitors the Windows Event Log. -
To execute a script, select the Execute script checkbox.
To activate this option, configure a script for alerts. See Configure scripts for instructions. -
To write the event to a syslog server, select the Write to SysLog checkbox.
The syslog server must be configured in the ARM Configuration application. See Set the syslog servers for instructions.
-
-
Under Category, click the drop-down menu and select a category used when writing to the Windows Event Log and selecting the email subject.
-
(Required) Enter a reason for the alert configuration.
-
Click Create.
See the following sections for more information.