This KB provides an option for limiting the amount of tickets generated by OAL (Outside Approved Location) Events using Respond.
1. Within the SaaS Alerts UI access the Customize Alerts option under Settings
2. Use the search function to locate the IAM Event - User Location - Outside approved location and set this to low severity
3. We have confirmed that setting this alert to "Low" also sets all other OAL appended events to Low as well and prevents them from generating alert notifications via emails and PSA tickets.
4. Now you may use respond to select which Outside Approved Location events you would like to generate alerts. This can be accomplished by selecting the primary event itself "IAM Event - User Location - Outside approved location" and having it generate the desired ticket and selected severity.
Note: The rule alert severity must be set to "Critical" or "Medium" in order to generate alerts notifications to your PSA and Email.
Pro tip: If you want an alert notification to be generated and not other action to be taken after the conditions of your rule are met, you should set the rule action to "Alert Only".
or by selecting another event type and using the Filter option with the Description event property and entering Outside Approved Location in the Value option
Please follow the link below to our Youtube video to learn more about other use cases:
Comments
0 comments
Please sign in to leave a comment.