Network Security Manager Reports and Analytics

Creating an Alert Rule

To create an alert rule

  1. Navigate to the Firewall View | Monitor > Alerts & Notifications > Rules page.
  2. Click Add Rule.

  1. Enter a Rule Name and select Priority Level.
  2. Set Redundancy Filter.

    The Alert Redundancy Filter allows you to define the time in seconds that the same alert is logged. The default setting is 2 minutes; for Threats, the default setting is 5 minutes. You can set the Redundancy Filter to between 30 seconds and 6 hours.

  3. Select the Alert Type and Sub-Type, then enter the information to include in the rule based on that selection.

    | Alert Type | Sub-Type | Action |
    |---|---|---|
    | Network Usage | Application Bandwidth (default) | Enter a maximum App Bandwidth (Mbps). |
    | | Total Interface Bandwidth | Enter a maximum Interface Bandwidth (Mbps). |
    | | Max Connection Count | Enter a maximum Connection Count (K Connections). |
    | | CPU Usage | Enter a maximum CPU Usage (%). |
    | | Per Interface | Select the Interface(s) and define the Packet Rate (PPS), Bandwidth (MBPS), Connection Rate (CPS) for the selected interface(s). |
    | Threats | Botnet (default), Intrusion Prevention, Spyware, Virus | |
    | Web Activities | Websites (default) | Add the websites to be included in the rule. To match URL "www.yahoo.com/*", input "www.yahoo.com" in the domain name field; to match URL "*.yahoo.*/*", input "yahoo" in the domain name field; to match URL "*.yahoo.in/*", input "yahoo.in" in the domain name field. Multiple matches can be added with a comma separator. |
    | | Web Categories | Select the web categories to be included from the Not In Group list and click the caret-right icon to add them to the In Group list. |
    | Geo-Locations | Countries (default) | Select the countries to be included from the Not In Group list and click the caret-right icon to add them to the In Group list. |
    | System Events | Site-to-Site VPN (default) | 1. Select the VPN Tunnel Name from the drop-down menu. All is selected by default. 2. Select the VPN Tunnel Status: Any, Up, or Down. Down is selected by default. |
    | | Firewall Reboot | |
    | | WAN Probe Failure | |
    | Cloud Secure Edge | | |
    | Attack Logs | | |
  4. Click Next.
  5. Set the notification Actions.

    By default, all the options are disabled.

    • System Alerts: Enable Show Alerts for this Notification to get alerts in Notification Center.
    • Email: Enable Send Email Notifications to get alert notifications through email.
    • History: Enable Save notifications to save the notifications under the Firewall View | Monitor > Alerts & Notifications > History page. For more information, refer to History of Alerts and Notifications. Enter the number of Days for which the saved notifications are retained. You can set between 1 and 10 days. The default value is 10 days.

  6. Click Next.
  7. Review the rule and click Save.