Configuring suspicious activity alerts
Administrator Help | TRITON AP-WEB and Web Filter & Security | Version 8.1.x
Your Websense software can notify you when suspicious activity of a specified severity level reaches a defined threshold. You can define alerts for permitted requests and blocked requests of each severity level.
Because Content Gateway is required to detect critical and high severity alerts, it is not possible to configure alerting for those severity levels in Web Filter & Security deployments.
TRITON AP-WEB subscribers who have purchased the Web Sandbox module can enable email or SNMP alerts to be sent when a file submitted to the file sandbox is determined to be malicious.
Use the Settings > Alerts > Suspicious Activity page to enable, disable, or change alerting configuration for alerts associated with suspicious events in your network. Detailed information about these events is displayed on the Threats dashboard.
The page displays 2 tables: Permitted Suspicious Activity Alerts and Blocked Suspicious Activity Alerts. Each table shows:
* The Severity level to be configured. The 4 severity levels are critical, high, medium, and low. Severity level is determined by the threat category associated with the alert. See How severity is assigned to suspicious activity for more information.
* The alerting Threshold. By default, the threshold for critical and high severity alerts, both permitted and blocked, is 1.
* Whether or not the alert is Enabled. A green check mark indicates that alerts are being generated for suspicious activity of the selected severity. A red "X" indicates that alerting is disabled for the selected severity.
To update suspicious activity alert settings, you can:
1. Mark the check box to the left of a severity level, then click Enable or Disable to activate or stop alerts of the selected type.
2. For enabled alerts, enter a number in the Threshold field to specify the number of suspicious events that cause an alert to be generated.
3. Select each notification method (Email, SNMP) to use to deliver suspicious activity alerts.
   Only alert methods that have been enabled on the Enable Alerts page (see Configuring general alert options) are available for selection.
4. Each check box is enabled only if the corresponding alert type (email or SNMP) is enabled on the Enable Alerts page.
   Note that threats related to file sandboxing are not included on the Threats dashboard.
5. Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.

Copyright 2016 Forcepoint LLC. All rights reserved.