Alerts are generated when Workload Security requires your attention, such as an administrator-issued command failing, or a hard disk running out of space. Workload Security includes a predefined set of alerts (see Predefined alert definitions). Additionally, when you create protection module rules, you can configure them to generate alerts if they are triggered.
There are several ways to see which alerts have been triggered:

View alerts in the Workload Security console Parent topic

The Alerts page in the Workload Security console displays all triggered alerts that have not been responded to. You can display alerts in a summary view that groups similar alerts together, or in list view which lists all alerts individually. You can also sort the alerts by time or by severity.
If an alert occurs more than once on the same computer, the alert shows the timestamp of the first occurrence. If the condition reoccurs after dismissing the alert, the timestamp of the first re-occurrence is displayed.

Procedure

  1. To view alerts for a specific computer, computers in a group, or with a particular policy, filter Computers.
  2. In List View, right-click the alert to see the options in the context menu.
  3. In Summary View, click Show Details to display all the computers and users that generated that particular alert.
  4. If an alert applies to more than five computers, an ellipsis (...) appears after the fifth computer. Click the ellipsis to display the full list.
  5. Click the computer to display the Details.
  6. After you take the appropriate action for an alert, select the box next to the target and click Dismiss.
    Alerts that you cannot dismiss are automatically dismissed when the condition no longer exists.
    Unlike security events and system events, the database does not purge alerts after a period of time. Alerts remain until dismissed, whether manually or automatically.

Configure alert settings Parent topic

Configure the settings for individual alerts.

Procedure

  1. On the Alerts page, click Configure Alerts to display a list of all alerts.
    Enabled alerts have a checkmark. Enabled means that Workload Security triggers that alert if the corresponding situation occurs.
  2. Select an alert and click Properties to turn the alert on or off or change other settings for the alert, like the severity level and email notifications.
  3. To exclude information about desktop machines, select Do not send email notifications when this alert condition occurs on Desktop OSs. For this alert, desktop operating systems include Windows (versions 7, 8, 8.1, 10, and 11) and macOS (version 10.15, 11, 12, and 13).
    This option is part of a controlled release and is in Preview. Content is subject to change.

Set up email notification for alerts Parent topic

Workload Security can send emails to specific users when selected alerts are triggered. To enable email or disable notifications choose any of the following procedures:

Turn on or off alert emails Parent topic

Procedure

  1. On the Alerts page, click Configure Alerts to display the list of alerts. A check mark next to an alert indicates that it is enabled. If the defined situation occurs, it triggers an alert.
  2. Double-click on an alert to display the Properties.
  3. Select at least one Send Email.

Configure an individual user to receive alert emails Parent topic

Procedure

  1. Access user properties:
    • For accounts created before 2021-08-04:
      1. Go to Administration User Management Users.
      2. Double-click a user account to display its Properties.
    • For accounts created on or after 2021-08-04, go to Workload Security User Properties.
    • For access from the Dashboard, click Edit properties on User Summary for the past 30 days.
  2. On the Contact Information tab, enter an email address.
  3. Select Receive Alert Emails.

Configure recipients for all alert emails Parent topic

Even if recipients do not have their user account properties set to receive email notifications, this setting sends them all email alerts.

Procedure

  1. Select Administration System Settings Alerts.
  2. Enter an email address for Alert Email Address - The email address to which all alert emails should be sent.