Configuring suspicious activity alerts
Web Security Help | Web Security Solutions | Version 7.8.x
Websense Web Security solutions can notify you when suspicious activity of a specified severity level reaches a defined threshold. You can define alerts for permitted requests and blocked requests of each severity level.
Because Content Gateway is required to detect critical and high severity alerts, it is not possible to configure alerting for those severity levels in Websense Web Security and Websense Web Filter deployments.
Use the Settings > Alerts > Suspicious Activity page to enable, disable, or change alerting configuration for alerts associated with suspicious events in your network. Detailed information about these events is displayed on the Threats dashboard.
The page displays 2 tables: Permitted Suspicious Activity Alerts and Blocked Suspicious Activity Alerts. Each table shows:
* The Severity level to be configured. The 4 severity levels are critical, high, medium, and low. Severity level is determined by the threat category associated with the alert. See How severity is assigned to suspicious activity for more information.
* The alerting Threshold. By default, the threshold for critical and high severity alerts, both permitted and blocked, is 1.
* Whether or not the alert is Enabled. A green check mark indicates that alerts are being generated for suspicious activity of the selected severity. A red "X" indicates that alerting is disabled for the selected severity.
To update suspicious activity alert settings, you can:
1. Mark the check box to the left of a severity level, then click Enable or Disable to activate or stop alerts of the selected type.
2. For enabled alerts, enter a number in the Threshold field to specify the number of suspicious events that cause an alert to be generated.
3. Select each notification method (Email, SNMP) to use to deliver suspicious activity alerts.
   Only alert methods that have been enabled on the Enable Alerts page (see Configuring general alert options) are available for selection.
4. Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.

Copyright 2016 Forcepoint LLC. All rights reserved.