Views:
Server & Workload Protection generates alerts when it requires your attention, such as an administrator-issued command failing, or a hard disk running out of space. Server & Workload Protection includes a predefined set of alerts. When you create protection module rules, you can configure them to generate alerts.
There are several ways to see which alerts have been triggered:

View alerts in the Server & Workload Protection console Parent topic

The Alerts page in the Server & Workload Protection console displays all triggered alerts that have not been responded to. You can display alerts in a summary view that groups similar alerts together, or in list view which lists all alerts individually. You can also sort the alerts by time or by severity.
If an alert occurs more than once on the same computer, the alert shows the timestamp of the first occurrence. If the condition reoccurs after dismissing the alert, the timestamp of the first re-occurrence is displayed.

Procedure

  1. To view alerts for a specific computer, computers in a group, or with a particular policy, filter Computers.
  2. In List View, right-click the alert to see the options in the context menu.
  3. In Summary View, click Show Details to display all the computers and users that generated that particular alert.
  4. If an alert applies to more than five computers, an ellipsis (...) appears after the fifth computer. Click the ellipsis to display the full list.
  5. Click the computer to display the Details.
  6. After you take the appropriate action for an alert, select the box next to the target and click Dismiss.
    Alerts that you cannot dismiss are automatically dismissed when the condition no longer exists.
    Unlike security events and system events, the database does not purge alerts after a period of time. Alerts remain until dismissed, whether manually or automatically.

Configure alert settings Parent topic

Configure the settings for individual alerts.

Procedure

  1. On the Alerts page, click Configure Alerts to display a list of all alerts.
    Enabled alerts have a check. Enabled means that Server & Workload Protection triggers that alert if the corresponding situation occurs.
  2. Select an alert and click Properties to change other settings for the alert, like the severity level and email notifications.
  3. To exclude information about desktop machines for Unable to communicate alerts, select Do not send email notifications when this alert condition occurs on Desktop OSs.
    This feature is part of a controlled release and is in Preview. Content is subject to change.
    For this alert, desktop operating systems include Windows (versions 7, 8, 8.1, 10, and 11) and macOS (version 10.15, 11, 12, and 13).

Set up email notification for alerts Parent topic

Server & Workload Protection can send emails to specific users when specified alerts are triggered.

Procedure

Turn alert emails on or off Parent topic

Procedure

  1. On the Alerts page, click Configure Alerts to display the list of alerts. A green check indicates that an alert is enabled. If the defined situation occurs, it triggers the alert.
  2. Double-click an alert to display the Properties.
  3. Select the appropriate Send Email boxes.

Configure an individual user to receive alert emails Parent topic

Procedure

  1. Access user properties:
    • For accounts created before 2021-08-04, go to Administration User Management Users and double-click a user account.
    • For accounts created on or after 2021-08-04, go to User Properties.
    • For access from the Server & Workload Protection Dashboard, click Edit properties on the User Summary for the past 30 days widget.
  2. On the Contact Information tab, enter an email address.
  3. Select Receive Alert Emails.

Configure recipients for all alert emails Parent topic

Even if recipients do not have their user account properties set to receive email notifications, this setting sends them all email alerts.

Procedure

  1. Select Administration System Settings Alerts.
  2. Enter an email address for Alert Email Address - The email address to which all alert emails should be sent.