Configuring suspicious activity alerts

Your web protection software can notify you when suspicious activity of a specified severity level reaches a defined threshold. Alerts are configured separately for permitted requests and for blocked requests at each severity level, so you can, for example, alert on every critical request that was allowed through while treating blocked requests of the same severity differently.

Because Content Gateway is required to detect critical and high severity threats, alerting for those two severity levels cannot be configured in Web Filter & Security deployments, which do not include Content Gateway. Only medium and low severity alerts are available there.

Forcepoint Web Security customers who have enabled advanced file analysis can additionally have email or SNMP alerts sent when a file submitted for analysis is found to be malicious.

Use the Settings > Alerts > Suspicious Activity page to set or change the alerting configuration for suspicious events in your network. Detailed information about these events is displayed on the Threats dashboard.

The page displays 2 tables: Permitted Suspicious Activity Alerts and Blocked Suspicious Activity Alerts. If advanced file analysis has been enabled, a third table is added for file analysis alerts.

Each table for suspicious activity alerts shows:

  • The Severity level to be configured. The 4 severity levels are critical, high, medium, and low. Severity level is determined by the threat category associated with the alert. See How severity is assigned to suspicious activity for more information.
  • The alerting Threshold: the number of suspicious events at that severity level that must occur before an alert is sent. By default, the threshold for critical and high severity alerts, both permitted and blocked, is 1, so every critical or high severity event triggers an alert until you raise the threshold.
  • One or more notification methods. Suspicious activity alerts can be sent via Email, SNMP, or both.

For advanced file analysis, you can enable alerting via email, SNMP, or both when an analyzed file is found to be malicious; no severity level or threshold applies to that table.
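The following Python model is an added illustration of the settings described above; it is not Forcepoint code and does not reproduce the product's internal counting. It mirrors the page's rules (a threshold per severity level for permitted and blocked requests, Email and/or SNMP as the notification method, critical and high severity unavailable without Content Gateway, threshold 1 for critical and high by default) and makes assumptions the page does not state, which are also marked in the code: events are counted per (action, severity) pair with no time window, the counter resets once an alert fires, and a rule must have at least one notification method. The sample events are constructed.

```python
"""Illustrative model of threshold-based suspicious activity alerting.

Added example, not Forcepoint code. Assumptions beyond the page:
  * events are counted per (action, severity) pair, with no time window;
  * the counter resets once an alert fires, so threshold N alerts on every Nth event;
  * a rule must select at least one notification method.
"""
from collections import Counter
from dataclasses import dataclass, field

SEVERITIES = ("critical", "high", "medium", "low")
ACTIONS = ("permitted", "blocked")


@dataclass
class AlertRule:
    threshold: int
    email: bool = False
    snmp: bool = False

    def channels(self):
        return [name for name, on in (("email", self.email), ("snmp", self.snmp)) if on]


@dataclass
class SuspiciousActivityAlerting:
    # True for a Forcepoint Web Security deployment (Content Gateway present);
    # False for a Web Filter & Security deployment (no Content Gateway).
    content_gateway: bool
    rules: dict = field(default_factory=dict)
    counts: Counter = field(default_factory=Counter)

    def configurable_severities(self):
        # Critical and high severity detection requires Content Gateway,
        # so only medium and low can be configured without it.
        return SEVERITIES if self.content_gateway else SEVERITIES[2:]

    def set_rule(self, action, severity, threshold, email=False, snmp=False):
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        if severity not in self.configurable_severities():
            raise ValueError(f"{severity} alerts cannot be configured without Content Gateway")
        if threshold < 1:
            raise ValueError("threshold must be at least 1")
        if not (email or snmp):
            raise ValueError("select at least one notification method")  # assumption
        self.rules[(action, severity)] = AlertRule(threshold, email, snmp)

    def record(self, action, severity):
        """Count one suspicious request; return the channels notified (empty if none)."""
        key = (action, severity)
        rule = self.rules.get(key)
        if rule is None:
            return []
        self.counts[key] += 1
        if self.counts[key] >= rule.threshold:
            self.counts[key] = 0  # assumption: counter resets after an alert fires
            return rule.channels()
        return []


def apply_defaults(cfg, email=True, snmp=False):
    """Page default: threshold 1 for critical and high, both permitted and blocked.

    Rows that the deployment cannot detect (critical/high without Content
    Gateway) are skipped rather than rejected.
    """
    for action in ACTIONS:
        for severity in ("critical", "high"):
            if severity in cfg.configurable_severities():
                cfg.set_rule(action, severity, 1, email=email, snmp=snmp)


def demo():
    """Run constructed events through a Forcepoint Web Security-style configuration."""
    cfg = SuspiciousActivityAlerting(content_gateway=True)
    apply_defaults(cfg, email=True, snmp=True)
    cfg.set_rule("permitted", "medium", 3, email=True)  # alert on every 3rd permitted medium event
    events = [  # constructed sample, not real log data
        ("blocked", "critical"),
        ("permitted", "medium"),
        ("permitted", "medium"),
        ("permitted", "low"),      # no rule configured for this row: never alerts
        ("permitted", "medium"),
        ("permitted", "high"),
    ]
    return [(action, severity, cfg.record(action, severity)) for action, severity in events]


if __name__ == "__main__":
    for action, severity, fired in demo():
        print(f"{action:9} {severity:8} -> {fired or 'no alert'}")
```

The `content_gateway=False` path is the check a practitioner wants before building alert rules for a Web Filter & Security deployment: `configurable_severities()` drops critical and high, `set_rule` refuses them, and `apply_defaults` silently leaves those rows out, which matches the page's statement that those alerts cannot be configured there.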