Configure security metrics to send email when thresholds are triggered
Learn how to configure security metrics so that your instance generates an email notification when a threshold is triggered.
Before you begin
Role required: admin
Procedure
- In Security Center, navigate to metrics.
- Select a metric that you want to set a threshold for in your organization.
  If you want to manage failed logins, you may want to set a threshold so that when failed logins reach a specific number, the admins or security experts in your organization are notified. The appropriate security metric to target in this case is users > failed logins.
- Select the Thresholds icon.
- Select the plus (+) icon on the thresholds panel to configure the form.
  The options available are to set the visibility, threshold type, and threshold value.
- For visibility, select for everyone if you want everyone to receive the notification, or for me if you want to be the only one who receives it.
- In threshold type, select all time high.
  This is the field that triggers the threshold notification.
  Note: A threshold value only needs to be entered when the Threshold Type is set to Less than or More than.
- Select save to create the threshold.
  Next, the notification needs to be set up.
- Select all, and enter system notification.
- Navigate to email > notifications.
- In the name column, enter *pa thre.
  The threshold notifications are event based, and they are set up in the PA Thresholds Notification table.
- Select PA Thresholds Notification.
  There are three tabs in the results:
- When to send: Specifies what must occur to send the email notification. In this example, once the threshold you previously set is reached, the email is triggered.
- Who will receive: Specifies which users will receive the notification. You can add users and groups.
- What it will contain: Specifies the script action that a user can modify to customize the message that users and the group will receive. To learn more about creating script actions, see Script actions.