In this article  :

• Objective

• Prerequisites

• Steps to follow

• Validation and confirmation

• Tips

• Related topics and articles

 Objective 

To create an alert in ADAudit Plus that notifies administrators about specific activities or changes in Active Directory, Windows servers, workstations, or file servers, enabling timely response to security events and compliance requirements.

 Prerequisites 

• You must have administrative access or a technician account with permissions to create and manage alert profiles in ADAudit Plus.

• Ensure that the ADAudit Plus server is properly configured to send email or SMS notifications (configure SMTP and SMS gateway settings).

• The relevant auditing and data collection configurations must be enabled for the events you want to monitor.

 Steps to follow 

1. Log in to the ADAudit Plus web console as an administrator or with a technician account with delegated permissions to create or modify alerts.

2. Navigate to the Alerts tab.

3. Click New Alert Profile in the top-right corner.

4. Enter a relevant Name and Description (e.g., User Moved Between OUs).

5. Click the + symbol in the Report Profiles field.

6. Under Domain, select the required domain, either on-premises or Cloud Account.

7. In the Category drop-down, choose the required category and sub-category.

8. You can tailor the Alert Message to suit your specific requirements.

9. Additionally, the Advanced Configuration options allow you to customize alerts based on thresholds, business hours, and advanced filtering criteria.

10. In the Alert Actions section, enable E-mail Notification.

11. Enter the recipient email addresses where the alert should be delivered.

12. Provide a clear and relevant subject line for the email notification.

13. Select the preferred format for the alert email, either HTML or Plain Text.

14. Select the details you would like to include in the email, such as:

• Alert Message

• Alert Profile Name

• Event Details

15. Enable the Throttle Notification option to suppress multiple alerts into a single notification based on defined criteria.
    Example: If multiple logon failures are detected from the same user within 15 minutes, consolidate them into one alert after that time window.

16. If SMS provider settings are already configured in ADAudit Plus (Admin > General Settings > Server Settings > SMS), enable SMS Notifications for real-time updates.

17. Enable the Execute Script option to trigger a script automatically when a specific alert is generated.
    Example: Lock a user account temporarily after detecting 10 consecutive logon failures from that account.

18. If a ticketing tool is integrated with ADAudit Plus (Admin > Configuration > Ticketing system Integration), enable Configure Auto Ticketing to automatically generate tickets for alerts.

Note: You can also use Throttle Ticket Generation to avoid creating a ticket for every alert and instead generate one for a group of alerts meeting certain conditions.

19. Click Save to activate the alert profile.

 Validation and confirmation 

• Trigger a test event that matches the alert criteria (for example, modify a group membership or perform a logon on a monitored system).

• Navigate to the Alerts tab in the ADAudit Plus web console and verify that the alert is generated and listed.

• Check that notification emails or SMS messages are received by the configured recipients.

• Confirm that the alert details accurately reflect the event information (such as time, user, and affected object).

 Tips 

• Use clear and descriptive names for alert profiles so they are easy to identify and manage later.

• Apply filters carefully to avoid generating excessive alerts for routine activities.

• Enable throttle notifications to consolidate multiple similar alerts into a single notification within a defined time window.

• Periodically review and update alert criteria to align with changes in your environment and security policies.

• Test new alerts in a controlled environment before applying them to production systems.

 Related topics and articles 

• How to create custom report in ADAudit Plus