Video Screencast Help

Send Email Notification To Admin For DLP User Change

Created: 30 Jul 2012 • Updated: 03 Aug 2012 | 2 comments
Language Translations
yang_zhang's picture
+3 3 Votes
Login to vote

A DLP user with User Administration privileges can modify other user's rights. For example, change an auditor user that can only review the incidents into a policy admin that can review and modify the policy. This is a security alert of the DLP system. 

We can configure the DLP to send Email notification for such issue by using System Alerts.

System alerts are email messages that are sent to designated addresses when a particular system event occurs.

Here we configure the DLP system to send Email notification to DLP admin for user changes.

1. From DLP Enforce Console, make some change of the existing user.

2. From 'System' --> 'Servers' --> 'Events', check out the Event Code of user changes:

3. From 'System' --> 'Servers' --> 'Alerts', click 'Add Alert' button:

4. Click 'Add Condition' button, select the condition as 'Event Code', select the rule as 'Is Any of', on the groupbox, input '2110', then input the Email address of the recipient:

Save the configuration.

Then, when an user had been changed some one, there will be an Email notification like this:

 

BTW, we can configure other kind of system alerts such as DLP Services stopped/restarted on the same way......

 

Comments 2 CommentsJump to latest comment

kishorilal1986's picture

Hi yang,

But how we come to know the ip address or host name of machine from which it has been changed. How we can trace the machine and user ?

0
Login to vote
yang_zhang's picture

So, what you need is the audit log of the Enforce Console. You can search around the Connect, I think there are some discussion about how to query the audit log.

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
0
Login to vote