Documentation forThreat Monitor

View and edit alarm policies

Users with administrator access can view and edit pre-defined log policies, and then apply specific trigger criteria and subsequent actions for designated network events and activity.

  1. In Threat Monitor, navigate to Admin > Alarm Policies.

  2. To view or edit a policy, click to expand a policy category, and then click to select a policy.

  3. Adjust your filters, subsequent actions, and additional parameters, and then click Save.

If the policy has multi-level rules, you can add, delete, and modify each rule within the policy. The multi-level rules allow you to manage the number of alert triggers within a specific category.

In the example below, the rule policy is configured to trigger after two incorrect password attempts, and then after 40 attempts within a five-minute span. Additional actions include an active response after 100 hits in 10 minutes, and then after 1000 hits within 10 hours.

To specify the email template used for each alarm, navigate to Alarms > Alarm Categories.