Alert group
The Alerts Group page allows you to organize the security alerts that ’s monitoring activity generates.
You use the alert groups to filter the list of alerts displayed on the Security Alerts page and to filter the information in a DAM report.
Add, edit, or delete an alert group
Use the Alerts Group page to perform the following tasks:
To create new group, click Add.
To modify group settings, click the name of the group or the Edit icon in the Action column.
To delete a group, select the check box for one or more user-defined audit groups, and then click Delete.
Alternatively, you can create a new group when you search the list of alerts on the Security Alert page. (See Filtering and searching alerts.)
Pre-defined alert groups
FortiDB provides pre-defined alert groups that you can use to add and modify filtering criteria.
| Pre-defined alert groups | Descriptions |
|---|---|
| Major and Critical Alerts | Alerts that have major and critical severities. |
| Metadata Changes | Alerts generated by triggering metadata policies. |
| Privilege Changes | Alerts generated by triggering privilege policies. |
| Security Violations | Alerts that are triggered by security violations. |
| Table changes | Alerts that are triggered by inserts, updates, or deletes on tables. |
| Unacknowledged Alerts | Alerts that have a status of 'Unacknowledged'. |
Data filter for an alert group
The Filters tab allows you to define data filtering criteria for the group when you add or edit a group.
You can define one or more data filtering entries that specify the criteria to match. When an alert matches the specified criteria, it is included in the group.
| Exclude following filters | Select to select alerts that do not match the criteria. |
| Operator | Values And and Or are not available for the first row. |
| Column | Specify a column value. |
| Operator | Specify an operator. |
| Value | Enter a value or select one from the list of available values. |
| - (minus) and + (plus) | Click to add or remove rows that define criteria. |
If there are multiple filtering entries, combined both with "And" and "Or" operations, use the brackets "(" and ")" for the operations priority.
For example, to create a filter for the group "Table change by non-system user", use the following settings:
| Row | Operator | Column | Operator | Value |
|---|---|---|---|---|
| 1 | - | Action Type | Equals | Delete, Insert, Truncate, Update |
| 2 | and | Database User | Not Equal | SYSTEM |
| 3 | and | Login Name | Not Equal | SYSTEM |
To create a filter for a group that selects alerts generated when a specific user (scott) creates a table:
| Row | Operator | Column | Operator | Value |
|---|---|---|---|---|
| 1 | - | Policy Type | Equals | Metadata Policies |
| 2 | and | Action Type | Equals | Create Table |
| 3 | and | Database User | Equals | scott |