Alerts are generated when Server & Workload Protection requires your
attention, such as an administrator-issued command failing, or a hard disk running
out of space. Workload Security includes a pre-defined set of alerts (for a list,
see Predefined alert definitions). Additionally, when you create protection
module rules, you can configure them to generate alerts if they are triggered.
There are several ways to see which alerts have been triggered:
- They're displayed in the "Alert Status" dashboard widget in the Server & Workload Protection console.
- They're displayed on the Alerts page in the Server & Workload Protection console (see View alerts in Server & Workload Protection).
- You can get an email notification when an alert is triggered (see Set up email notification for alerts).
- You can generate alert reports (see Generate reports for alerts and other activity).
View alerts in the Server & Workload Protection console
The Alerts page in the Server & Workload Protection
console displays all alerts that have been triggered, but not yet responded to.
You can display alerts in a summary view that groups similar alerts together, or
in list view, which lists all alerts individually. To switch between the two
views, use the menu next to "Alerts" in the page's title. You can also sort the
alerts by time or by severity.
In summary view, expanding an Alert panel (by clicking Show Details)
displays all the computers (or users) that have generated that particular alert.
Clicking the computer will display the computer's Details window. If an alert
applies to more than five computers, an ellipsis ("...") appears after
the fifth computer. Clicking the ellipsis displays the full list. Once you have
taken the appropriate action to deal with an alert, you can dismiss the alert by
selecting the check box next to the target of the alert and clicking
Dismiss. (In list view, right-click the alert to see the list
of options in the context menu.)
Alerts that can't be dismissed (like "Relay Update Service Not
Available") will be dismissed automatically when the condition no longer
exists.
Note: In cases where an alert condition occurs more than once on the same
computer, the alert will show the timestamp of the first occurrence of the
condition. If the alert is dismissed and the condition reoccurs, the
timestamp of the first re-occurrence will be displayed.
Tip: Use the Computers filtering bar to view only alerts for
computers in a particular computer group, with a particular policy, etc.
Unlike security events and system events, alerts are not purged from the database
after a period of time. Alerts remain until they are dismissed, either manually
or automatically.
Configure alert settings
To configure the settings for individual alerts, go to the Alerts page in the Server & Workload Protection console and click Configure Alerts.
This displays a list of all alerts. A green check mark next to an alert
indicates that it is enabled. An alert will be triggered if the corresponding
situation occurs, and it will appear in the Server & Workload Protection console.
You can select an alert and click Properties to change other settings for the
alert, such as the severity level and email notification settings.
The following feature is part of a controlled release and is in Preview. Content
is subject to change.
For any "Unable to communicate" alerts, to exclude information about
desktop machines, select the checkbox Do not send email notifications when
this alert condition occurs on Desktop OSs. For this alert, desktop
operating systems are defined as Windows (versions 7, 8, 8.1, 10, and 11) and
macOS (versions 10.15, 11, 12, and 13).
Set up email notification for alerts
Server & Workload Protection can send emails to specific users
when selected alerts are triggered.
To enable email notifications:
Turn alert emails on or off
Procedure
- Go to the Alerts page and click Configure Alerts to display the list of alerts.
- A green check mark next to an alert indicates that it is enabled. An alert will be triggered if the corresponding situation occurs, and it will appear in the Server & Workload Protection console. If you also want to receive email about the alert, double-click the alert to display its Properties window, then select at least one of the "Send Email" check boxes.
Configure an individual user to receive alert emails
Procedure
- Use the following steps to configure settings in Server & Workload Protection.
- Go to , locate the User Summary for the past 30 days widget and click the Edit properties link.
- On the Contact Information tab, enter an email address and select Receive Alert Emails.
Configure recipients for all alert emails
Note: All alert emails will be sent to this address or email distribution list,
even if the recipients have not been set up in their user account properties
to receive email notifications.
Procedure
- Go to .
- For Alert Email Address (the email address to which all alert emails should be sent), provide an email address or a distribution list email address.