An administrator need to be notified when a single user makes a large amount of file or folder changes in given time. An example of the required configuration is to be notified only if one user makes 5 changes in 5 Minutes but not if one change is made by 5 users in 5 minutes.
The required configuration (description above) is not currently possible using Smart Alerts.
It is possible to configure a Smart Alert to send a notification email when one user makes 5 changes for example in 5 Minute, however, it will also send an alert if 5 users makes one change within the same 5 minutes.
An enhancement request (TF00486128) has been opened for this request. It will be evaluated by the product management team for a future release of Change Auditor.
Workaround:
One possible approach in environments with a small number of users, or for Administrators who wishes to target specific users, is to create a separate search (with Smart Alert) for each user, adding the user's name in the "Who" tab. This way, only when the targeted user makes the configured amount of change, will the Smart Alert send the email notification. Please see link below for instructions on configuring Smart Alerts.
Can Change Auditor send alerts only when a number of events occur in a certain amount of time?
We have Threat Detection Module which can integrate with Change Auditor.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center