Configuring suspicious activity alerts
Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x
Your web protection software can notify you when suspicious activity of a specified severity level reaches a defined threshold. You can define alerts for permitted requests and blocked requests of each severity level.
Because Content Gateway is required to detect critical and high severity alerts, it is not possible to configure alerting for those severity levels in Web Filter & Security deployments.
Forcepoint Web Security customers who have enabled advanced file analysis can enable email or SNMP alerts to be sent when a file submitted for analysis is determined to be malicious.
Use the Settings > Alerts > Suspicious Activity page to set or change alerting configuration for alerts associated with suspicious events in your network. Detailed information about these events is displayed on the Threats dashboard.
The page displays two tables: Permitted Suspicious Activity Alerts and Blocked Suspicious Activity Alerts. If Advanced File Analysis has been enabled, a third table is added.
Each suspicious activity alerts table shows:
* The Severity level to be configured. The four severity levels are critical, high, medium, and low. Severity level is determined by the threat category associated with the alert. See How severity is assigned to suspicious activity for more information.
* The alerting Threshold: the number of suspicious events of that severity that must occur before an alert is generated. By default, the threshold for critical and high severity alerts, both permitted and blocked, is 1.
* The notification methods (Email, SNMP) used to deliver the alert.
For advanced file analysis, the third table lets you enable alerting via email, SNMP, or both when an analyzed file is found to be malicious.
To update suspicious activity alert settings:
1. Enter a number in the Threshold field to specify the number of suspicious events that cause an alert to be generated.
2. Select each notification method (Email, SNMP) to use to deliver suspicious activity alerts. Only alert methods that have been enabled on the Enable Alerts page (see Configuring general alert options) are available for selection. Leave the alert methods unchecked to disable alerts for a specific severity.
3. For advanced file analysis alerts, mark Email, SNMP, or both. Each check box is enabled only if the corresponding alert type (email or SNMP) is enabled on the Enable Alerts page. Note that threats related to advanced file analysis are not included on the Threats dashboard.
4. Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.
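The following is an added, self-contained model of the rules this page describes (per-severity thresholds for permitted and blocked requests, delivery methods gated by the Enable Alerts page, and critical/high severity requiring Content Gateway). It is illustrative code written for this page, not Forcepoint code, and the event format, field names, and the assumption that the per-row counter restarts after each alert are constructed for the example.

```python
"""Illustrative model of threshold-based suspicious activity alerting.

Constructed example, not Forcepoint code. The event format, the rule and
configuration classes, and the counter-reset behaviour are assumptions.
"""
from collections import Counter
from dataclasses import dataclass, field

SEVERITIES = ("critical", "high", "medium", "low")
ACTIONS = ("permitted", "blocked")
METHODS = ("email", "snmp")
# Critical and high severity can only be detected when Content Gateway is deployed.
GATEWAY_ONLY = frozenset({"critical", "high"})


@dataclass
class SeverityRule:
    """One row of a Permitted/Blocked Suspicious Activity Alerts table."""
    threshold: int = 1
    methods: frozenset = frozenset()  # empty set = alerting disabled for this row


@dataclass
class AlertConfig:
    enabled_methods: frozenset                 # methods turned on on the Enable Alerts page
    content_gateway: bool                      # is Content Gateway part of the deployment?
    rules: dict = field(default_factory=dict)  # (action, severity) -> SeverityRule


def validate(cfg: AlertConfig) -> list:
    """Return a list of problems; an empty list means the configuration is consistent."""
    errors = []
    for (action, severity), rule in cfg.rules.items():
        row = f"{action}/{severity}"
        if action not in ACTIONS or severity not in SEVERITIES:
            errors.append(f"{row}: unknown action or severity")
            continue
        if rule.threshold < 1:
            errors.append(f"{row}: threshold must be at least 1")
        unknown = rule.methods - frozenset(METHODS)
        if unknown:
            errors.append(f"{row}: unknown methods {sorted(unknown)}")
        not_enabled = rule.methods - cfg.enabled_methods
        if not_enabled:
            errors.append(f"{row}: {sorted(not_enabled)} not enabled on the Enable Alerts page")
        if rule.methods and severity in GATEWAY_ONLY and not cfg.content_gateway:
            errors.append(f"{row}: requires Content Gateway")
    return errors


def evaluate(cfg: AlertConfig, events: list) -> list:
    """Replay events through the configuration and return the alerts that would be sent.

    Assumption (not stated on the page): the per-row counter restarts after each
    alert, so an alert fires every time the count reaches a multiple of the threshold.
    """
    counts = Counter()
    alerts = []
    for ev in events:
        key = (ev["action"], ev["severity"])
        rule = cfg.rules.get(key)
        if rule is None or not rule.methods:
            continue  # row not configured, or all methods unchecked: no alert
        counts[key] += 1
        if counts[key] % rule.threshold == 0:
            alerts.append({"action": key[0], "severity": key[1],
                           "count": counts[key], "methods": sorted(rule.methods)})
    return alerts


# Constructed sample configuration and events (not taken from a real deployment).
SAMPLE_CONFIG = AlertConfig(
    enabled_methods=frozenset({"email", "snmp"}),
    content_gateway=True,
    rules={
        ("blocked", "critical"): SeverityRule(threshold=1, methods=frozenset({"email", "snmp"})),
        ("permitted", "medium"): SeverityRule(threshold=2, methods=frozenset({"email"})),
        ("permitted", "low"): SeverityRule(threshold=3),  # methods unchecked: disabled
    },
)

SAMPLE_EVENTS = [
    {"action": "blocked", "severity": "critical"},
    {"action": "permitted", "severity": "medium"},
    {"action": "permitted", "severity": "low"},
    {"action": "permitted", "severity": "low"},
    {"action": "permitted", "severity": "medium"},
    {"action": "permitted", "severity": "low"},
    {"action": "blocked", "severity": "critical"},
]


def sample_alerts() -> list:
    """Alerts produced by the sample events under the sample configuration."""
    return evaluate(SAMPLE_CONFIG, SAMPLE_EVENTS)


def filter_and_security_errors() -> list:
    """The same rules in a Web Filter & Security deployment (no Content Gateway, SNMP off)."""
    cfg = AlertConfig(frozenset({"email"}), False, SAMPLE_CONFIG.rules)
    return validate(cfg)


if __name__ == "__main__":
    for alert in sample_alerts():
        print(alert)
    print(filter_and_security_errors())
```

Running the sample yields three alerts: one for each blocked critical event (threshold 1) and one when the second permitted medium event reaches its threshold of 2; the permitted low row never alerts because no method is checked. Re-validating the same rules for a deployment without Content Gateway and with SNMP disabled flags the blocked critical row twice, which mirrors the page's two constraints on what can be selected.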

Copyright 2018 Forcepoint. All rights reserved.