You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/cloud-infrastructure-entitlement-management/product-rule-based-anomalies.md
+20-13Lines changed: 20 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Create and view rule-based anomalies and anomaly triggers in Permissions Management
3
-
description: How to create and view rule-based anomalies and anomaly triggers in Permissions Management.
2
+
title: Create and view rule-based anomaly alerts and alert triggers in Permissions Management
3
+
description: How to create and view rule-based anomaly alerts and alert triggers in Permissions Management.
4
4
services: active-directory
5
5
author: jenniferf-skc
6
6
manager: amycolannino
@@ -12,13 +12,20 @@ ms.date: 02/23/2022
12
12
ms.author: jfields
13
13
---
14
14
15
-
# Create and view rule-based anomaly alerts and anomaly triggers
15
+
# Create and view rule-based anomaly alerts and alert triggers
16
16
17
-
Rule-based anomalies identify recent activity in Permissions Management that is determined to be unusual based on explicit rules defined in the activity trigger. The goal of rule-based anomaly is high precision detection.
17
+
Rule-based anomalies identify recent activity in Permissions Management that is determined to be unusual based on explicit rules defined in the alert trigger. The goal of rule-based anomaly alerts is high-precision detection.
18
+
19
+
You can configure rule-based anomaly alert triggers for the following conditions:
20
+
-**Any Resource Accessed for the First Time**: The identity accesses a resource for the first time during the specified time interval.
21
+
-**Identity Performs a Particular Task for the First Time**: The identity does a specific task for the first time during the specified time interval.
22
+
-**Identity Performs a Task for the First Time**: The identity performs any task for the first time during the specified time interval.
23
+
24
+
Alert triggers are based on data collected. All alerts, if triggered, are shown every hour under the Alerts subtab.
18
25
19
26
## View rule-based anomaly alerts
20
27
21
-
1. In the Permissions Management home page, select **Activity triggers** (the bell icon).
28
+
1. In the Permissions Management home page, select **Alerts** (the bell icon).
22
29
1. Select **Rule-Based Anomaly**, and then select the **Alerts** subtab.
23
30
24
31
The **Alerts** subtab displays the following information:
@@ -49,11 +56,11 @@ Rule-based anomalies identify recent activity in Permissions Management that is
49
56
-**Details**: Displays details about **Authorization System Type**, **Authorization Systems**, **Resources**, **Tasks**, **Identities**, and **Activity**
50
57
-**Activity**: Displays details about the **Identity Name**, **Resource Name**, **Task Name**, **Date/Time**, **Inactive For**, and **IP Address**. Selecting the "eye" icon displays the **Raw Events Summary**
51
58
52
-
## Create a rule-based anomaly trigger
59
+
## Create a rule-based anomaly alert trigger
53
60
54
-
1. In the Permissions Management home page, select **Activity triggers** (the bell icon).
61
+
1. In the Permissions Management home page, select **Alerts** (the bell icon).
55
62
1. Select **Rule-Based Anomaly**, and then select the **Alerts** subtab.
56
-
1. Select **Create Anomaly Trigger**.
63
+
1. Select **Create Alert Trigger**.
57
64
58
65
1. In the **Alert Name** box, enter a name for the alert.
59
66
1. Select the **Authorization System**, **AWS**, **Azure**, or **GCP**.
@@ -72,9 +79,9 @@ Rule-based anomalies identify recent activity in Permissions Management that is
72
79
1. On the **Configuration** tab, to update the **Time Interval**, select **90 Days**, **60 Days**, or **30 Days** from the **Time range** dropdown.
73
80
1. Select **Save**.
74
81
75
-
## View a rule-based anomaly trigger
82
+
## View a rule-based anomaly alert trigger
76
83
77
-
1. In the Permissions Management home page, select **Activity triggers** (the bell icon).
84
+
1. In the Permissions Management home page, select **Alerts** (the bell icon).
78
85
1. Select **Rule-Based Anomaly**, and then select the **Alert Triggers** subtab.
79
86
80
87
The **Alert Triggers** subtab displays the following information:
@@ -113,7 +120,7 @@ Rule-based anomalies identify recent activity in Permissions Management that is
113
120
114
121
## Next steps
115
122
116
-
- For an overview on activity triggers, see [View information about activity triggers](ui-triggers.md).
123
+
- For an overview on alerts and alert triggers, see [View information about alerts and alert triggers](ui-triggers.md).
117
124
- For information on activity alerts and alert triggers, see [Create and view activity alerts and alert triggers](how-to-create-alert-trigger.md).
118
-
- For information on finding outliers in identity's behavior, see [Create and view statistical anomalies and anomaly triggers](product-statistical-anomalies.md).
119
-
- For information on permission analytics triggers, see [Create and view permission analytics triggers](product-permission-analytics.md).
125
+
- For information on finding outliers in identity's behavior, see [Create and view statistical anomaly alerts and alert triggers](product-statistical-anomalies.md).
126
+
- For information on permission analytics alerts and alert triggers, see [Create and view permission analytics alerts and alert triggers](product-permission-analytics.md).
0 commit comments