Documentation for Hybrid Cloud Observability Essentials and User Device Tracker

Configure a UDT alert

The preconfigured UDT alerts cover all rogue IP addresses, all rogue MAC addresses, and all rogue hostnames. To create alerts for specific ranges of rogue addresses that trigger different actions, you can customize the preconfigured alerts or create new ones.

This example shows you how to duplicate a preconfigured alert, and configure it to be triggered if the IP address of the rogue device is in a specific range.

  1. Go to Alerts & Activity > Alerts and click Manage Alerts in the upper-right corner.
  2. On the Manage Alerts page:

    Select Object Type from the Group By drop-down.
    Select Rogue IP Address.
    Check the Alert me when a rogue IP address appears on network alert.
    Click Duplicate and Edit.
  3. On the Properties tab, edit the alert name and description, and click Next.

    The trigger condition tab is displayed.

    This shows the condition that triggers the alert. In this case, it is triggered whenever the Rogue field is equal to Yes. To change this so that it is only triggered if the IP address is in a specified range, we need to add the lower and upper limits of that range.

  4. On the Trigger Condition tab:

    Click the plus icon and select Add Single Value Comparison.
    Select IP Address from the second drop-down.
    Select Is greater than or equal to from the third drop-down.
    Select the first IP address in the required range.
  5. Repeat these actions, but select Is less than or equal to and the last IP address in the required range.
  6. On the Trigger Action tab, click Add Action.
  7. Select Send an Email/Page, and click Configure Action.
  8. Enter a name for the action, and enter the recipients for this email alert.
  9. Complete the other configuration sections, and click Next.

    For more information on setting up email alerts, see Send an email or page in the Orion Platform Administrator Guide.

  10. On the Summary tab, review the settings for this alert.
  11. Review the message above the Submit button.

    The message shows how many objects trigger this alert. In this case three devices have been detected using IP addresses in the specified range. When you click Submit, the specified recipient receives an email for each address.
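To sanity-check the range limits before you submit, the following added example (not part of the product or of the original documentation) evaluates the same condition offline: Rogue equals Yes, and the IP address lies between the first and last address inclusive. The device list, the field names `ip` and `rogue`, and the function names are constructed for illustration, and the example assumes all three comparisons must be satisfied together.

```python
import ipaddress

def build_range(first, last):
    """Parse the limits entered in steps 4 and 5 and reject unusable ranges."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version:
        raise ValueError("limits must both be IPv4 or both be IPv6")
    if lo > hi:
        raise ValueError("first address is above last address; nothing can match")
    return lo, hi

def triggers(device, lo, hi):
    """Rogue equals Yes AND IP >= first AND IP <= last (assumed AND logic)."""
    if device["rogue"] != "Yes":
        return False
    try:
        ip = ipaddress.ip_address(device["ip"])
    except ValueError:
        return False  # an unparseable address never matches
    # Addresses are compared numerically, not as text: as text,
    # "10.20.30.5" would sort between "10.20.30.100" and "10.20.30.200".
    return ip.version == lo.version and lo <= ip <= hi

def matching(devices, first, last):
    """Return the addresses that would trigger the duplicated alert."""
    lo, hi = build_range(first, last)
    return [d["ip"] for d in devices if triggers(d, lo, hi)]

# Constructed sample inventory (hypothetical field names and values).
SAMPLE = [
    {"ip": "10.20.30.5", "rogue": "Yes"},    # below the range
    {"ip": "10.20.30.99", "rogue": "Yes"},   # one below the lower limit
    {"ip": "10.20.30.100", "rogue": "Yes"},  # lower limit, inclusive
    {"ip": "10.20.30.142", "rogue": "Yes"},
    {"ip": "10.20.30.150", "rogue": "No"},   # in range but not rogue
    {"ip": "10.20.30.200", "rogue": "Yes"},  # upper limit, inclusive
    {"ip": "10.20.30.201", "rogue": "Yes"},  # one above the upper limit
    {"ip": "10.20.4.120", "rogue": "Yes"},   # different subnet
]

if __name__ == "__main__":
    hits = matching(SAMPLE, "10.20.30.100", "10.20.30.200")
    print(f"{len(hits)} objects would trigger this alert: {hits}")
```

Compare the count it reports with the message above the Submit button; a mismatch usually means one of the limits was entered incorrectly.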