The appliance is configured with a set of predefined alerts, described in the table below. The queries these are based upon cannot be modified, but in many cases you can clone the query to produce customized versions of these alerts. The predefined alerts are all disabled on installation, and by default all send email alerts to the admin user.
Although the underlying queries cannot be modified, the predefined alerts can be modified, so before activating any predefined alert, we strongly recommend that you open the alert in the Alert Builder, to verify that it is configured appropriately for your installation and purposes.
The following table describes all predefined alerts.
|
Alert |
Description |
|
Scheduled Job Exceptions |
Alert every 10 minutes on any scheduled job exception (including assessment jobs). |
|
Inactive STAPs Since |
Alert once an hour on all S-TAPs that have not been heard from. |
|
Database disk space |
Alert every 10 minutes if internal database is becoming filled. |
|
Aggregation/Archive Errors |
Alert once a day on all aggregation or archive tasks that did not complete successfully. |
|
Failed Logins to Guardium |
Every 10 minutes alert if there have been more than 5 failed login attempts on the Guardium appliance. |
|
Policy Changes Alert |
Alert once a day if there have been any security policy changes. |
|
Guardium - Add/Remove Users |
Alert once a day if any Guardium users have been added or removed. |
|
Guardium - Credential Activity |
Alert once a day if there have been any Guardium credential changes, including LDAP configuration changes. |
|
Inspection Engines and STAP |
Alert once a day on any activity related to inspection engine and S-TAP configuration. |
|
Data Source Changes |
Alert once a day on any data source definition changes. |
|
CAS Instance Config Changes |
Alert once a day on any CAS instance configuration changes. |
|
CAS Templates Changes |
Alert once a day on any CAS template configuration changes. |