starting point

Author: jtviolet

docs/1secure/1secure/admin/alerts/alerts.md

@@ -0,0 +1,90 @@
+# Alerts
+
+When you create an alert profile, several alerts are preconfigured for it. You can, however, choose to enable or disable them as well as add custom alerts to the profile. These alerts are triggered by specific events. This means that when the defined action (event) is detected within the organization the alert profile is assigned to, an alert is generated. Alerts notify you of critical actions that impact your organization's security, enabling you to respond swiftly to potential risks.
+
+You can access the generated alerts in the following ways:
+
+- View the alerts generated for an organization on the Netwrix 1Secure dashboard. See the [1Secure Dashboard](/docs/product_docs/1secure/1secure/admin/dashboard/overview.md) topic for additional information.
+- Receive alerts as email notifications sent to the specified email address(es). See the [Manage Delivery Settings for an Alert Profile ](/docs/product_docs/1secure/1secure/admin/alerts/overview.md#Manage-Delivery-Settings-for-an-Alert-Profile)topic for setting up email notifications.
+
+Follow the steps to view the alerts within an alert profile.
+
+__Step 1 –__ Navigate to Configuration > Alerts.
+
+__Step 2 –__ Click an alert profile. The alerts for the profile are displayed in a list.
+
+![Alerts List within an alert profile](/static/img/product_docs/1secure/1secure/admin/alerts/alertslist.png)
+
+You can view the following for each alert in the list:
+
+- Source – Indicates the origin or type of data that triggers the alert. For example, Activity Records.
+- Alert Name – The name of the alert
+- Is Active – Indicates whether the alert is activated. You can toggle it ON or OFF as required.
+- Grouping On – Indicates whether grouping is applied to the alert. If yes, then it displays the criteria, such as What, Who, Where, etc.
+- Threshold – The threshold value set for the alert. The threshold is the minimum number of activity records that must occur within a specified time frame (threshold period) to trigger an alert.
+- Threshold Period – The threshold period set for the alert. The threshold period is the maximum duration, starting from the first activity record, within which the specified number of activity records (threshold) must occur to trigger an alert.
+- Batching Period – The batching period set for the alert. The batching period feature allows you to receive a single notification that includes all alerts triggered during the specified period.
+
+## Add a Custom Alert
+
+Follow the steps to add a custom alert.
+
+__Step 1 –__ Navigate to Configuration > Alerts.
+
+__Step 2 –__ Click an alert profile. The alerts for the profile are displayed in a list.
+
+__Step 3 –__ Click __Add__. The New Alert pane is displayed.
+
+![New Alert Pane](/static/img/product_docs/1secure/1secure/admin/alerts/addcustomalert.png)
+
+__Step 4 –__ Select a custom report from the Report drop-down menu to trigger the alert when a new record is generated for the report. See the [ Custom Reports](/docs/product_docs/1secure/1secure/admin/searchandreports/customreports.md) topic for additional information.
+
+__Step 5 –__ Specify a name and description for the alert.
+
+__Step 6 –__ Toggle the __Is Active__ switch to ON to activate the alert. Notifications are sent for active alerts only.
+
+__Step 7 –__ Toggle the __Is Grouped__ switch to ON, which displays the Grouped On drop-down menu. When grouping is enabled, alerts are organized based on the criteria you select in the _Grouped On_ drop-down menu.
+
+__Step 8 –__ Select one of the following options from the __Grouped On__ drop-down menu:
+
+- Who – Groups alerts with respect to the user who performed the activity (deleted an account, created a record, etc.)
+- Where – Groups alerts with respect to the location where the activity is performed. For example, SharePoint Online site, file server, etc.
+- What – Groups alerts with respect to the object the activity is performed on, such as a computer, file, etc.
+
+Example: You have two users, User 1 and User 2, each performing different actions. By setting "Grouped On" to "Who", alerts will be generated per user, resulting in two separate alerts — one for User 1 and another for User 2. Each alert will include only the activity associated with that specific user. If grouping is not enabled, all activities will be consolidated into a single alert based on the specified _threshold_ and _threshold period_.
+
+__Step 9 –__ In the Threshold field, specify a threshold for the alert. The threshold is the minimum number of activity records that must occur within a specified time frame (threshold period) to trigger an alert. For example, if the threshold is set to 3, an alert will be triggered when at least 3 activity records are generated within the specified time frame.
+
+__Step 10 –__ In the Threshold Period field, specify a threshold period for the alert. The threshold period is the maximum duration, starting from the first activity record, within which the specified number of activity records (threshold) must occur to trigger an alert. For example, if the threshold is set to 5 and the threshold period is 10 minutes, at least 5 activity records must be generated within 10 minutes to trigger an alert.
+
+__Step 11 –__ If you do not want alert notifications to be sent to you each time an alert is generated, there is a batching period option. In the Batching Period field, specify a batching period for the alert. The batching period feature allows you to receive a single notification that includes all alerts triggered during the specified period. For example, if the batching period is set to 30 minutes (00:30:00) for an alert such as "Computer removed," you will receive a single notification for the alerts generated during that time frame, rather than receiving individual notifications for each alert.
+
+__Step 12 –__ Click __Save__.
+
+The alert is configured and added to the list.
+
+## Modify an Alert
+
+Follow the steps to modify a preconfigured or custom alert.
+
+__Step 1 –__ Navigate to Configuration > Alerts.
+
+__Step 2 –__ Click an alert profile. The alerts for the profile are displayed in a list.
+
+__Step 3 –__ Click the __Edit__ icon for an alert. The Edit alert pane is displayed.
+
+__Step 4 –__ Modify the required information. See the [Add a Custom Alert](#Add-a-Custom-Alert) topic, starting from Step 4 for additional information.
+
+__Step 5 –__ Click __Save__.
+
+## Delete a Custom Alert
+
+Follow the steps to delete a custom alert.
+
+__Step 1 –__ Navigate to Configuration > Alerts.
+
+__Step 2 –__ Click an alert profile. The alerts for the profile are displayed in a list.
+
+__Step 3 –__ Click the __Delete__ icon for an alert to delete it. A dialog box is displayed, prompting you to confirm the deletion of the alert.
+
+__Step 4 –__ Click __Yes__. The alert is deleted from the system.

docs/1secure/1secure/admin/alerts/overview.md

@@ -0,0 +1,82 @@
+# Alert Profiles
+
+Alert profiles provide a way to easily group alert configurations and delivery notification settings together. You can create an alert profile, enable relevant alerts for the profile, and assign it to organization(s). Additionally, you can customize delivery settings and specify which user(s) will receive notifications when alerts in the profile are triggered.
+
+To view the alert profiles, navigate to Configuration > Alerts.
+
+![Alert Profiles List](/static/img/product_docs/1secure/1secure/admin/alerts/alertsprofiles.png)
+
+Alert profiles are displayed in the list with the following information:
+
+- Alert profile – The name of the alert profile
+- Alerts enabled – The number of alerts enabled for the profile
+- Used in organizations – The number of organizations the alert profile is applied to
+- Notification delivery – Indicates whether email notifications are configured for the profile
+
+__NOTE:__ The alert profile named _Netwrix Profile (Default)_ is available by default and is automatically applied to all managed organizations.
+
+## Add an Alert Profile
+
+Follow the steps to add an alert profile.
+
+__Step 1 –__ Navigate to Configuration > Alerts.
+
+__Step 2 –__ Click __Add profile__. The New alert profile pane is displayed.
+
+![New Alert Profile pane](/static/img/product_docs/1secure/1secure/admin/alerts/addalertprofile.png)
+
+__Step 3 –__ Enter a name for the alert profile in the Name field and click __Save__.
+
+The alert profile is added to the list. You can:
+
+- Assign this profile to an organization. You can do this when creating a new organization or editing an organization. See the [Add Organizations](/docs/product_docs/1secure/1secure/admin/organizations/addorganizations.md) topic for additional information.
+- Click the profile to review the list of alerts, enable the desired alerts, make necessary edits for alerts, and set delivery settings for the alert profile. See the [Alerts](/docs/product_docs/1secure/1secure/admin/alerts/alerts.md) topic for additional information.
+
+## Modify the Name of an Alert Profile
+
+Follow the steps to modify the name of an alert profile.
+
+__Step 1 –__ Navigate to Configuration > Alerts.
+
+__Step 2 –__ Click the Edit icon for an alert profile. The Edit alert profile pane is displayed.
+
+__Step 3 –__ Modify the name of the profile.
+
+__Step 4 –__ Click __Save__.
+
+## Delete an Alert Profile
+
+__NOTE:__ (1) The alert profile named _Netwrix Profile (Default)_ cannot be deleted.   
+(2) When an alert profile is deleted, the _Netwrix Profile (Default)_ is automatically assigned to the organizations that were previously assigned the deleted profile.
+
+Follow the steps to delete an alert profile.
+
+__Step 1 –__ Navigate to Configuration > Alerts.
+
+__Step 2 –__ Click the Delete icon for an alert profile to delete it. A dialog box is displayed, prompting you to confirm the deletion of the profile.
+
+__Step 3 –__ Click __Yes__. The alert profile is deleted from the system.
+
+## Manage Delivery Settings for an Alert Profile
+
+You can receive alerts by email or through the third-party ticket service, as used by the Managed Service Providers.
+
+Follow the steps to configure alerts by email.
+
+__Step 1 –__ . Navigate to Configuration > Alerts.
+
+__Step 2 –__ Click an alert profile. The alerts for the profile are displayed in a list.
+
+__Step 3 –__ Click the Email icon under Delivery Settings. The Email Delivery Settings pane is displayed.
+
+![Email Delivery Settings pane](/static/img/product_docs/1secure/1secure/admin/alerts/alertsemaildelivery.png)
+
+__Step 4 –__ . Toggle the Enabled switch to ON to enable email notifications for the alert profile.
+
+__Step 5 –__ In the Email Addresses field, enter the email address of a recipient for alert notifications and click the Add icon. To specify multiple email addresses, add them one by one.
+
+__Step 6 –__ Check the __Email Organization Admins__ check box to send the alerts to all the organization admins by email.
+
+__Step 7 –__ Click Save.
+
+You may also link to a third-party ticketing system. See the [Third-party systems](/docs/product_docs/1secure/1secure/integration/overview.md) topic for additional information.

docs/1secure/1secure/admin/dashboard/alertstimeline.md

@@ -0,0 +1,62 @@
+# Alerts Timeline
+
+The Alerts Timeline page provides a view of triggered alerts. It highlights key statistics, including the top 5 alert types by count and a timeline chart to visualize alerts triggered over time. The page also displays a complete list of generated alerts for thorough analysis and monitoring.
+
+To access the Alerts Timeline page, click __Home__ at the top and do one of the following:
+
+- On the Top 5 Organizations with Most Alerts chart, click a bar. It opens the Alerts Timeline page that displays alert-related data for the organization represented by the selected bar.
+- On the Top 5 Triggered Alerts by Type chart, click a bar. It opens the Alerts Timeline page that displays alert-related data for all managed organizations.
+- In the organizations list, click an organization name to navigate to the Organization Statistics page, then click the Alerts Timeline chart. It opens the Alerts Timeline page that displays alert-related data for the organization selected in the organizations list.
+
+![Alerts Timeline Page](/static/img/product_docs/1secure/1secure/admin/dashboard/alertstimeline.png)
+
+If you are a managed organization user, this page displays insights specific to your organization.
+
+If you are a managing organization (MSP) user, this page provides insights for all your organizations.
+
+Top 5 Alerts by Count
+
+This card displays a pie chart illustrating the five most frequently triggered alert types. Each slice represents the share of an alert type relative to the others. Hover over a slice to view the exact number of alerts for that type.  
+The legend maps the colors used in the pie chart to the names of the alert types along with the share percentage.
+
+Click an alert type on the legend to disable it. Disabled alert types are not displayed in the pie chart. Hence, the pie chart displays only the enabled alert types and their percentage shares with respect to each other. You can click a disabled alert type on the legend to enable it.
+
+Alerts Timeline
+
+This card displays a bar chart illustrating the number of alerts triggered for the period selected in the timeframe drop-down menu. Hover over a bar on the chart to view the exact number of alerts triggered on any specific date.
+
+Alerts List
+
+This section lists all the triggered alerts with the following information:
+
+- Organization – Displays the name of the organization the alert belongs to. Click an organization name to view its alert-related data on the Alerts Timeline page. On filtering data by organization, the Organization column is hidden from the Alerts list.
+- Alert time – Displays the date and time when the alert is triggered
+- Source type – Displays the origin or type of data that triggers the alert. Source types are:
+
+  - Activity Records – Alerts generated based on user activities or actions
+  - Health Notifications – Alerts related to system performance, for example, when Netwrix 1Secure is unable to communicate with Netwrix Cloud Agent.
+- Alert name – Displays the name of the alert
+- Num activity records – Displays the number of activity records associated with the triggered alert, based on the threshold value set for it. The threshold is the minimum number of activity records that must occur within a specified time frame (threshold period) to trigger an alert.
+- Last updated – Displays the date and time when the alert is triggered, based on the threshold value set for it. The threshold is the minimum number of activity records that must occur within a specified time frame (threshold period) to trigger an alert.last updated.
+- Item – Displays the name of the entity by which the alert is grouped, such as a computer, file, user, etc.
+- Activity Records – Click the Activity Records link for an alert to navigate to the Activity page, where you can view a detailed report for that alert type. See the [Activity Reports](/docs/product_docs/1secure/1secure/admin/searchandreports/activity.md) topic for additional information.
+
+Click a column header to sort data in the alerts list by that column in ascending order. An arrow appears next to the column name to indicate the sort order. Click the column header again to sort the data in descending order.
+
+Edit Alerts Settings
+
+Click the __Edit Alerts Settings__ link to navigate to the Alerts page, where you can create a new alert and modify existing ones. See the [Alerts](/docs/product_docs/1secure/1secure/admin/alerts/alerts.md) topic for additional information.
+
+## Filter Data
+
+Multiple filters are available on this page to enable you to filter data as desired. You can apply one or more filters at a time.
+
+- Organizations – Select an organization from the Organizations drop-down menu to view its alert-related data.
+- Filter by Keyword – Type a search string (only alpha characters allowed) in the Filter by keyword field and press Enter. The Alerts list displays the data that matches the specified keyword.
+- Alert – Select an alert type from the Alert drop-down menu. The charts and the alerts list display data specific to the selected alert type. By default, All is selected.
+- Item – Select an item from the Item drop-down menu. The charts and the alerts list display alert data specific to the selected item. By default, All is selected.
+- Timeframe – Select a time period from the Timeframe drop-down menu. The charts and the listing on the page display data for the selected time period. For example, if you select 7 Days, the data will reflect information for the past 7 days. By default, 30 Days is selected. Options are:
+
+  - 7 Days
+  - 30 Days
+  - 90 Days