netwrix · stuart-jaeckel-netwrix · Jul 3, 2025 · Jun 30, 2025 · Jun 30, 2025 · Jun 30, 2025
@@ -0,0 +1,139 @@
+---
+id: alerts
+title: "Alerts"
+pagination_label: "Alerts"
+sidebar_label: "Alerts"
+sidebar_position: 79
+description: "Learn how to configure and manage alerts that notify you of critical security events and actions in your organization."
+---
+
+# Alerts
+
+When you create an alert profile, several alerts are preconfigured for it. You can, however, choose
+to enable or disable them as well as add custom alerts to the profile. These alerts are triggered by
+specific events. This means that when the defined action (event) is detected within the organization
+the alert profile is assigned to, an alert is generated. Alerts notify you of critical actions that
+impact your organization's security, enabling you to respond swiftly to potential risks.
+
+You can access the generated alerts in the following ways:
+
+- View the alerts generated for an organization on the Netwrix 1Secure dashboard. See the
+  [1Secure Dashboard](/docs/1secure/admin/dashboard/index.md) topic for additional information.
+- Receive alerts as email notifications sent to the specified email address(es). See the
+  [Manage Delivery Settings for an Alert Profile](profiles.md#manage-delivery-settings-for-an-alert-profile) topic
+  for setting up email notifications.
+
+Follow the steps to view the alerts within an alert profile.
+
+**Step 1 –** Navigate to Configuration > Alerts.
+
+**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list.
+
+![Alerts List within an alert profile](/img/product_docs/1secure/admin/alerts/alertslist.webp)
+
+You can view the following for each alert in the list:
+
+- Source – Indicates the origin or type of data that triggers the alert. For example, Activity
+  Records.
+- Alert Name – The name of the alert
+- Is Active – Indicates whether the alert is activated. You can toggle it ON or OFF as required.
+- Grouping On – Indicates whether grouping is applied to the alert. If yes, then it displays the
+  criteria, such as What, Who, Where, etc.
+- Threshold – The threshold value set for the alert. The threshold is the minimum number of activity
+  records that must occur within a specified time frame (threshold period) to trigger an alert.
+- Threshold Period – The threshold period set for the alert. The threshold period is the maximum
+  duration, starting from the first activity record, within which the specified number of activity
+  records (threshold) must occur to trigger an alert.
+- Batching Period – The batching period set for the alert. The batching period feature allows you to
+  receive a single notification that includes all alerts triggered during the specified period.
+
+## Add a Custom Alert
+
+Follow the steps to add a custom alert.
+
+**Step 1 –** Navigate to Configuration > Alerts.
+
+**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list.
+
+**Step 3 –** Click **Add**. The New Alert pane is displayed.
+
+![New Alert Pane](/img/product_docs/1secure/admin/alerts/addcustomalert.webp)
+
+**Step 4 –** Select a custom report from the Report drop-down menu to trigger the alert when a new
+record is generated for the report. See the [ Custom Reports](/docs/1secure/admin/searchandreports/customreports.md)
+topic for additional information.
+
+**Step 5 –** Specify a name and description for the alert.
+
+**Step 6 –** Toggle the **Is Active** switch to ON to activate the alert. Notifications are sent for
+active alerts only.
+
+**Step 7 –** Toggle the **Is Grouped** switch to ON, which displays the Grouped On drop-down menu.
+When grouping is enabled, alerts are organized based on the criteria you select in the _Grouped On_
+drop-down menu.
+
+**Step 8 –** Select one of the following options from the **Grouped On** drop-down menu:
+
+- Who – Groups alerts with respect to the user who performed the activity (deleted an account,
+  created a record, etc.)
+- Where – Groups alerts with respect to the location where the activity is performed. For example,
+  SharePoint Online site, file server, etc.
+- What – Groups alerts with respect to the object the activity is performed on, such as a computer,
+  file, etc.
+
+Example: You have two users, User 1 and User 2, each performing different actions. By setting
+"Grouped On" to "Who", alerts will be generated per user, resulting in two separate alerts — one for
+User 1 and another for User 2. Each alert will include only the activity associated with that
+specific user. If grouping is not enabled, all activities will be consolidated into a single alert
+based on the specified _threshold_ and _threshold period_.
+
+**Step 9 –** In the Threshold field, specify a threshold for the alert. The threshold is the minimum
+number of activity records that must occur within a specified time frame (threshold period) to
+trigger an alert. For example, if the threshold is set to 3, an alert will be triggered when at
+least 3 activity records are generated within the specified time frame.
+
+**Step 10 –** In the Threshold Period field, specify a threshold period for the alert. The threshold
+period is the maximum duration, starting from the first activity record, within which the specified
+number of activity records (threshold) must occur to trigger an alert. For example, if the threshold
+is set to 5 and the threshold period is 10 minutes, at least 5 activity records must be generated
+within 10 minutes to trigger an alert.
+
+**Step 11 –** If you do not want alert notifications to be sent to you each time an alert is
+generated, there is a batching period option. In the Batching Period field, specify a batching
+period for the alert. The batching period feature allows you to receive a single notification that
+includes all alerts triggered during the specified period. For example, if the batching period is
+set to 30 minutes (00:30:00) for an alert such as "Computer removed," you will receive a single
+notification for the alerts generated during that time frame, rather than receiving individual
+notifications for each alert.
+
+**Step 12 –** Click **Save**.
+
+The alert is configured and added to the list.
+
+## Modify an Alert
+
+Follow the steps to modify a preconfigured or custom alert.
+
+**Step 1 –** Navigate to Configuration > Alerts.
+
+**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list.
+
+**Step 3 –** Click the **Edit** icon for an alert. The Edit alert pane is displayed.
+
+**Step 4 –** Modify the required information. See the
+[Add a Custom Alert](#add-a-custom-alert) topic, starting from Step 4 for additional information.
+
+**Step 5 –** Click **Save**.
+
+## Delete a Custom Alert
+
+Follow the steps to delete a custom alert.
+
+**Step 1 –** Navigate to Configuration > Alerts.
+
+**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list.
+
+**Step 3 –** Click the **Delete** icon for an alert to delete it. A dialog box is displayed,
+prompting you to confirm the deletion of the alert.
+
+**Step 4 –** Click **Yes**. The alert is deleted from the system.
@@ -0,0 +1,106 @@
+---
+id: alert-profiles
+title: "Alert Profiles"
+pagination_label: "Alert Profiles"
+sidebar_label: "Alert Profiles"
+sidebar_position: 80
+description: "Learn how to create and manage alert profiles with grouped configurations and delivery notification settings."
+---
+
+# Alert Profiles
+
+Alert profiles provide a way to easily group alert configurations and delivery notification settings
+together. You can create an alert profile, enable relevant alerts for the profile, and assign it to
+organization(s). Additionally, you can customize delivery settings and specify which user(s) will
+receive notifications when alerts in the profile are triggered.
+
+To view the alert profiles, navigate to Configuration > Alerts.
+
+![Alert Profiles List](/img/product_docs/1secure/admin/alerts/alertsprofiles.webp)
+
+Alert profiles are displayed in the list with the following information:
+
+- Alert profile – The name of the alert profile
+- Alerts enabled – The number of alerts enabled for the profile
+- Used in organizations – The number of organizations the alert profile is applied to
+- Notification delivery – Indicates whether email notifications are configured for the profile
+
+**NOTE:** The alert profile named _Netwrix Profile (Default)_ is available by default and is
+automatically applied to all managed organizations.
+
+## Add an Alert Profile
+
+Follow the steps to add an alert profile.
+
+**Step 1 –** Navigate to Configuration > Alerts.
+
+**Step 2 –** Click **Add profile**. The New alert profile pane is displayed.
+
+![New Alert Profile pane](/img/product_docs/1secure/admin/alerts/addalertprofile.webp)
+
+**Step 3 –** Enter a name for the alert profile in the Name field and click **Save**.
+
+The alert profile is added to the list. You can:
+
+- Assign this profile to an organization. You can do this when creating a new organization or
+  editing an organization. See the [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic
+  for additional information.
+- Click the profile to review the list of alerts, enable the desired alerts, make necessary edits
+  for alerts, and set delivery settings for the alert profile. See [Alerts](/docs/1secure/admin/alerts/index.md) topic for
+  additional information.
+
+## Modify the Name of an Alert Profile
+
+Follow the steps to modify the name of an alert profile.
+
+**Step 1 –** Navigate to Configuration > Alerts.
+
+**Step 2 –** Click the Edit icon for an alert profile. The Edit alert profile pane is displayed.
+
+**Step 3 –** Modify the name of the profile.
+
+**Step 4 –** Click **Save**.
+
+## Delete an Alert Profile
+
+**NOTE:** (1) The alert profile named _Netwrix Profile (Default)_ cannot be deleted.  
+(2) When an alert profile is deleted, the _Netwrix Profile (Default)_ is automatically assigned to
+the organizations that were previously assigned the deleted profile.
+
+Follow the steps to delete an alert profile.
+
+**Step 1 –** Navigate to Configuration > Alerts.
+
+**Step 2 –** Click the Delete icon for an alert profile to delete it. A dialog box is displayed,
+prompting you to confirm the deletion of the profile.
+
+**Step 3 –** Click **Yes**. The alert profile is deleted from the system.
+
+## Manage Delivery Settings for an Alert Profile
+
+You can receive alerts by email or through the third-party ticket service, as used by the Managed
+Service Providers.
+
+Follow the steps to configure alerts by email.
+
+**Step 1 –** . Navigate to Configuration > Alerts.
+
+**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list.
+
+**Step 3 –** Click the Email icon under Delivery Settings. The Email Delivery Settings pane is
+displayed.
+
+![Email Delivery Settings pane](/img/product_docs/1secure/admin/alerts/alertsemaildelivery.webp)
+
+**Step 4 –** . Toggle the Enabled switch to ON to enable email notifications for the alert profile.
+
+**Step 5 –** In the Email Addresses field, enter the email address of a recipient for alert
+notifications and click the Add icon. To specify multiple email addresses, add them one by one.
+
+**Step 6 –** Check the **Email Organization Admins** check box to send the alerts to all the
+organization admins by email.
+
+**Step 7 –** Click Save.
+
+You may also link to a third-party ticketing system. See the
+[Third-party systems](/docs/1secure/integrations/index.md) topic for additional information.
@@ -0,0 +1,108 @@
+---
+id: alerts-timeline
+title: "Alerts Timeline"
+pagination_label: "Alerts Timeline"
+sidebar_label: "Alerts Timeline"
+sidebar_position: 81
+description: "Learn how to view and analyze triggered alerts using statistics, charts, and comprehensive alert lists."
+---
+
+# Alerts Timeline
+
+The Alerts Timeline page provides a view of triggered alerts. It highlights key statistics,
+including the top 5 alert types by count and a timeline chart to visualize alerts triggered over
+time. The page also displays a complete list of generated alerts for thorough analysis and
+monitoring.
+
+To access the Alerts Timeline page, click **Home** at the top and do one of the following:
+
+- On the Top 5 Organizations with Most Alerts chart, click a bar. It opens the Alerts Timeline page
+  that displays alert-related data for the organization represented by the selected bar.
+- On the Top 5 Triggered Alerts by Type chart, click a bar. It opens the Alerts Timeline page that
+  displays alert-related data for all managed organizations.
+- In the organizations list, click an organization name to navigate to the Organization Statistics
+  page, then click the Alerts Timeline chart. It opens the Alerts Timeline page that displays
+  alert-related data for the organization selected in the organizations list.
+
+![Alerts Timeline Page](/img/product_docs/1secure/admin/dashboard/alertstimeline.webp)
+
+If you are a managed organization user, this page displays insights specific to your organization.
+
+If you are a managing organization (MSP) user, this page provides insights for all your
+organizations.
+
+Top 5 Alerts by Count
+
+This card displays a pie chart illustrating the five most frequently triggered alert types. Each
+slice represents the share of an alert type relative to the others. Hover over a slice to view the
+exact number of alerts for that type.  
+The legend maps the colors used in the pie chart to the names of the alert types along with the
+share percentage.
+
+Click an alert type on the legend to disable it. Disabled alert types are not displayed in the pie
+chart. Hence, the pie chart displays only the enabled alert types and their percentage shares with
+respect to each other. You can click a disabled alert type on the legend to enable it.
+
+Alerts Timeline
+
+This card displays a bar chart illustrating the number of alerts triggered for the period selected
+in the timeframe drop-down menu. Hover over a bar on the chart to view the exact number of alerts
+triggered on any specific date.
+
+Alerts List
+
+This section lists all the triggered alerts with the following information:
+
+- Organization – Displays the name of the organization the alert belongs to. Click an organization
+  name to view its alert-related data on the Alerts Timeline page. On filtering data by
+  organization, the Organization column is hidden from the Alerts list.
+- Alert time – Displays the date and time when the alert is triggered
+- Source type – Displays the origin or type of data that triggers the alert. Source types are:
+
+    - Activity Records – Alerts generated based on user activities or actions
+    - Health Notifications – Alerts related to system performance, for example, when Netwrix 1Secure
+      is unable to communicate with Netwrix Cloud Agent.
+
+- Alert name – Displays the name of the alert
+- Num activity records – Displays the number of activity records associated with the triggered
+  alert, based on the threshold value set for it. The threshold is the minimum number of activity
+  records that must occur within a specified time frame (threshold period) to trigger an alert.
+- Last updated – Displays the date and time when the alert is triggered, based on the threshold
+  value set for it. The threshold is the minimum number of activity records that must occur within a
+  specified time frame (threshold period) to trigger an alert.last updated.
+- Item – Displays the name of the entity by which the alert is grouped, such as a computer, file,
+  user, etc.
+- Activity Records – Click the Activity Records link for an alert to navigate to the Activity page,
+  where you can view a detailed report for that alert type. See the
+  [Activity Reports](/docs/1secure/admin/searchandreports/activity.md) topic for additional information.
+
+Click a column header to sort data in the alerts list by that column in ascending order. An arrow
+appears next to the column name to indicate the sort order. Click the column header again to sort
+the data in descending order.
+
+Edit Alerts Settings
+
+Click the **Edit Alerts Settings** link to navigate to the Alerts page, where you can create a new
+alert and modify existing ones. See the [Alerts](/docs/1secure/admin/alerts/index.md) topic for additional
+information.
+
+## Filter Data
+
+Multiple filters are available on this page to enable you to filter data as desired. You can apply
+one or more filters at a time.
+
+- Organizations – Select an organization from the Organizations drop-down menu to view its
+  alert-related data.
+- Filter by Keyword – Type a search string (only alpha characters allowed) in the Filter by keyword
+  field and press Enter. The Alerts list displays the data that matches the specified keyword.
+- Alert – Select an alert type from the Alert drop-down menu. The charts and the alerts list display
+  data specific to the selected alert type. By default, All is selected.
+- Item – Select an item from the Item drop-down menu. The charts and the alerts list display alert
+  data specific to the selected item. By default, All is selected.
+- Timeframe – Select a time period from the Timeframe drop-down menu. The charts and the listing on
+  the page display data for the selected time period. For example, if you select 7 Days, the data
+  will reflect information for the past 7 days. By default, 30 Days is selected. Options are:
+
+    - 7 Days
+    - 30 Days
+    - 90 Days