Alerts Handling
Superna Data Security Essentials provides alerting through two primary channels:
- Email Notifications
- Windows Event Log Integration
Email Notifications
Alerts are sent via email to designated recipients, ensuring immediate awareness of critical events. Admins can specify the email accounts to receive notifications. See the section Email Configuration to review how the email can be configured.
Windows Event Log Integration
Our software supports Windows Event Log, allowing alerts to be seamlessly integrated with any Security Information and Event Management (SIEM) system. This integration enables comprehensive monitoring and centralized management of alerts across the organization's IT infrastructure.
Windows Event Log Details
A custom view called Data Security Essentials is available in the Windows Event Log to display only Data Security Essentials events.
The following details are recorded in the Windows Event Log for each alert:
- Source:
  - Data Security Essentials - BOTs or Data Security Essentials - Policy Engine (split based on the application)
- Event ID:
  - Specific to Windows Event Log
- Event Type:
  - Information: General information or successful operations.
  - Warning: Security-related alerts generated by BOTs and policies.
  - Error: Errors from the product.
- Category:
  - Windows
- Message:
  - A short description of the event or alert.
- Computer/Device Name:
  - The name of the server/computer from which the alert has been sent.
- User:
  - User information (if applicable).
- Time Stamp:
  - The date and time when the event occurred.
- Severity:
  - Replicates the information from the event type.
- Event Data:
  - The event data includes the following details, formatted in XML and JSON:
    - Unique event ID from the application
    - Windows event ID
    - Device/network element affected
    - Shares affected
    - Directories affected
    - Files affected
    - User name, user SID
    - Severity
    - Name of the BOT or Policy
    - User state from BOT or Policy
    - User computer name where the event originated
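The following script is an added example, not part of the Superna documentation or product: it pulls the Warning-level events written by the two sources named above and flattens the envelope fields plus the decoded Event Data into one JSON line per event, the shape a SIEM forwarder can ingest. It assumes the events are written to the Application log (adjust $LogName for your deployment) and that each EventData/Data element carries either JSON text or plain text.

```powershell
# Added example (not Superna's code). Assumption: events land in the 'Application'
# log; change $LogName if the product writes to a dedicated log on your host.
$LogName   = 'Application'
$Providers = @('Data Security Essentials - BOTs',
               'Data Security Essentials - Policy Engine')

# Level 3 = Warning, the event type reserved for security alerts from BOTs and policies.
$filter = @{
    LogName      = $LogName
    ProviderName = $Providers
    Level        = 3
    StartTime    = (Get-Date).AddHours(-24)
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

foreach ($evt in $events) {
    # ToXml() returns the full record, including the EventData/Data elements
    # that carry the application's XML/JSON payload.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in @($xml.Event.EventData.Data)) {
        # A Data element without attributes is surfaced as a plain string by
        # PowerShell's XML adapter; otherwise read its text and Name attribute.
        if ($d -is [string]) { $text = $d; $key = "data$($data.Count)" }
        else { $text = $d.'#text'; $key = $d.GetAttribute('Name') }
        if (-not $text) { continue }
        if (-not $key)  { $key = "data$($data.Count)" }
        # Decode JSON where present; keep the raw text otherwise.
        try   { $parsed = $text | ConvertFrom-Json -ErrorAction Stop }
        catch { $parsed = $text }
        $data[$key] = $parsed
    }

    # Normalised record: the envelope fields listed above plus the decoded payload.
    [pscustomobject]@{
        TimeCreated = $evt.TimeCreated.ToUniversalTime().ToString('o')
        Computer    = $evt.MachineName
        Source      = $evt.ProviderName
        EventId     = $evt.Id
        Severity    = $evt.LevelDisplayName
        Message     = $evt.Message
        User        = if ($evt.UserId) { $evt.UserId.Value } else { $null }
        Payload     = $data
    } | ConvertTo-Json -Depth 6 -Compress
}
```

Run it on a host where the product is installed and compare the Payload keys against a real event before building SIEM parsing rules on them, since the exact Data element names are not fixed by this page.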
Alarm Syntax
The alarm syntax allows filtering alarms within SIEM alarm forwarding.