When a rogue device or a device on the watch list is detected, UDT triggers an alert. Alerts are customizable and can generate a variety of actions, such as sending an email, executing an external page, or playing a sound.
UDT comes with several out-of-the-box alerts. These are enabled by default, so if rogue hostnames, IP or MAC addresses are detected, alerts are displayed in the All Active Alerts widget on the Orion Platform Summary Home and the Active Alerts Device Tracker Dashboards.
The example below shows that a device using the rogue IP address of 10.199.xx.xxx triggered an alert 3 hours and 1 minute ago.
You can customize alerts by changing the action associated with it. These actions include:
- Send emails or messages
- Execute programs and scripts
- Create ServiceNow Incidents
- Log entries in logs or text files
- Create custom properties
You can customize emails to contain information about the condition that triggered the alert, or select who receives the email depending on time or date.
Alerts can be escalated if not responded to within a set period.
To see more information about an alert, click on the alert name. This opens the Active Alert Details page, where you can:
- View more information on the alert
- Acknowledge the alert
- Edit or turn off the alert
For complete information on creating alerts, and customizing actions for your specific environment, see Use alerts to monitor your environment in the Orion Platform Administrator Guide.