A DLP user with User Administration privileges can modify other user's rights. For example, change an auditor user that can only review the incidents into a policy admin that can review and modify the policy. This is a security alert of the DLP system.
We can configure the DLP to send Email notification for such issue by using System Alerts.
System alerts are email messages that are sent to designated addresses when a particular system event occurs.
Here we configure the DLP system to send Email notification to DLP admin for user changes.
1. From DLP Enforce Console, make some change of the existing user.
2. From 'System' --> 'Servers' --> 'Events', check out the Event Code of user changes:
3. From 'System' --> 'Servers' --> 'Alerts', click 'Add Alert' button:
4. Click 'Add Condition' button, select the condition as 'Event Code', select the rule as 'Is Any of', on the groupbox, input '2110', then input the Email address of the recipient:
Save the configuration.
Then, when an user had been changed some one, there will be an Email notification like this:
BTW, we can configure other kind of system alerts such as DLP Services stopped/restarted on the same way......