Configuring automatic rollback

In Cayosoft Guardiann, you can configure Alerting rules that raise alerts for each change detected, and send optionally notifications via Microsoft Teams and/or by email. The automatic rollback feature can be enabled for any alerting rule.

This article contains instructions on how to configure sending an alert via email and automatically roll back the changes when the Active Directory group whose name starts with Admins gets deleted.

Configuring an alerting rule

1. In theCayosoft Guardian web portal, navigate to Change History.
2. Click All Changes.
3. Create a Deleted Admins Groups Custom query that will track deleted groups whose objectName starts with Admins.

 

4. In the Advanced filter, set a filter by entering startswith(objectName, 'Admins').

 

5. When the query is created, select it from the list of queries.
6. Click New Alert to get the alert and email when the group whose objectName starts with Admin is deleted.

 

7. Enable Actions to receive notifications via Teams or email.

 

8. Send an alert via Teams/email.

   NOTE: To be able to send alerts via Teams or via email you should configure Configuration: Configure communication channels.

9. Automatic rollback.

   NOTE: Automatic rollback will NOT be initiated for changes made by Guardian service accounts.

10. Send rollback notifications via email.

11. Save changes.

    When the group whose name starts with Admins is deleted, you will see the alert in Cayosoft Guardian. In addition, you will receive an email that the group has been deleted and an email for the group being restored.