Overview
This article contains instructions on how to configure alerting rules for the following scenarios:
- When an Active Directory user password has been reset.
- When a group policy link has been added for an Active Directory Organizational Unit.
- When an Active Directory group whose name starts with Admins has been deleted.
Scenario 1: Active Directory user password has been reset
- In the Cayosoft Guardian web portal, expand the Change Monitoring node.
- Click on the Change History node.
- In Filter, set:
  - Action > Password reset
  - Object type > AD User
- Click Apply.
- Click New Alert.
- Specify the alert's name.
- Click Yes.
When the user password has been reset, you will see the alert.
Scenario 2: Group policy link has been added for Active Directory Organizational Unit
- In the Cayosoft Guardian web portal, expand the Change Monitoring node.
- Click on the Change History node.
- In Filter, set:
  - Action > Add group policy link
  - Object type > AD Organizational Unit
- Click Apply.
- Click New Alert.
- Specify the alert's name.
- Click Yes.
When a group policy link has been added for an Active Directory Organizational Unit, you will see the alert.
Scenario 3: Active Directory group whose name starts with Admins has been deleted
- In the Cayosoft Guardian web portal, expand the Change Monitoring node.
- Click on the Change History node.
- In Filter, set:
  - Action > Delete object
  - Object type > AD Group
  - Advanced > startswith(objectName, 'Admins')
    For more details about the Advanced filter, please see this article: How to use advanced filter in Cayosoft Guardian – Cayosoft Help Center.
- Click New Alert.
- Specify the alert's name.
- Click Yes.
When an Active Directory group whose name starts with Admins has been deleted, you will see the alert.
Alerting Rules
The created alerting rule will be displayed in Alerting Rules. You can configure the actions that should be executed in addition to raising the alert, for example, sending alerts via Teams or via email. It is also possible to browse its Execution History or Generated Alerts.
Custom Queries
The created alerting rule is based on a query. This query will be displayed in Filter > Custom Queries. For more details about custom queries, please see this article: Change Audit: Standard and Custom Queries – Cayosoft Help Center.