In this article:

• Objective

• Prerequisites

• Steps to follow

• Validation and confirmation

• Tips

• Related topics and articles

Objective  

This article explains how to configure an alert profile in ManageEngine ADAudit Plus to notify administrators when specific activities occur outside of defined business hours. This helps organizations detect unusual behavior, enforce working hour policies, and identify potential security incidents such as unauthorized access or after-hours file activity.

Prerequisites  

• Have access to the ADAudit Plus web console.

• Have a user account with Administrator privileges or a Technician account with delegated permissions to configure administrative settings.

• Ensure business hours are already set in ADAudit Plus (Admin > Administration > Business Hours).

• The specific action you want to monitor (e.g., user logon or file modification) must be covered by an existing report in ADAudit Plus.

• To receive alert notifications via email from ADAudit Plus, ensure the SMTP settings are configured under Admin > General Settings > Server Settings.

Steps to follow

1. Log in to the ADAudit Plus web console as an administrator or with a Technician account with delegated permissions to create or modify alerts.

2. Navigate to the Alerts tab.

3. Click New Alert Profile in the top-right corner.

4. Enter a relevant Name and Description.

5. Set the Severity level based on the importance of the action being monitored.

6. Click the + symbol in the Report Profiles field.

7. Under Domain, select the on-premises domain.

8. In the Category drop-down, choose the relevant option that corresponds to the activity you want to monitor (e.g., User Logon or File Modification).

9. Click OK to add the report to the alert profile.

10. You can tailor the Alert Message to suit your specific requirements.

11. In the Advanced Configuration section, enable the Business Hour Alert check box and select Non Business Hours. 

12.   In the Alert Actions section, enable E-mail Notification.

13. Enter the recipient email addresses where the alert should be delivered.

14. Provide a clear and relevant subject line for the email notification.

15. Select the preferred format for the alert email, either HTML or Plain Text.

16. Select the details you would like to include in the email, such as:

• Alert Message

• Alert Profile Name

• Event Details

17. Enable the Throttle Notification option to suppress multiple alerts into a single notification based on defined criteria.
    Example: If multiple logon failures are detected from the same user within 15 minutes, consolidate them into one alert after that time window.

18. If SMS provider settings are already configured in ADAudit Plus (Admin > General Settings > Server Settings > SMS), enable SMS Notifications for real-time updates.

19. Enable the Execute Script option to trigger a script automatically when a specific alert is generated.
    Example: Lock a user account temporarily after detecting 10 consecutive logon failures from that account.

20. If a ticketing tool is integrated with ADAudit Plus (Admin > Configuration > Ticketing system Integration), enable Configure Auto Ticketing to automatically generate tickets for alerts.

Note: You can also use Throttle Ticket Generation to avoid creating a ticket for every alert and instead generate one for a group of alerts meeting certain conditions.

21. Click Save to activate the alert profile.

Validation and confirmation

• Simulate an after-hours event. Perform the monitored activity (e.g., user logon, file access, or group membership change) outside your configured business hours.

• Go to the Alerts tab and expand the on-premises domain or cloud account under Profile Based Alerts.

• Select the alert profile that was created to view alerts in the ADAudit Plus console.

• Verify that the alert appears with the correct business hour filter.

• Navigate to the relevant report (e.g., User Logon Activity).

• Use the Hours filter to confirm that the event is correctly classified as occurring during Non-Business [Business Hours].

• Ensure the alert email is received at the specified address.

Tips

• Use non-business hour alerts for sensitive activities such as:

• Privileged user logons

• Changes to security groups

• Access to confidential files

• Service or scheduled task creations

• Use descriptive names, like Alert – After-Hours Logon by Domain Admin. This improves visibility and searchability.

• Combine alerts with the user behavior analytics features in ADAudit Plus to track users repeatedly triggering alerts during non-business hours.

Related topics and articles

• How to configure business hours using ADAudit Plus