Getting Started with
Index
Navigating ………………………………………….……………………….…………..
Overview ………………………………………………………………………………..
PSA ………………………………………………………………..………..…..
Applications …………………………………………………………………….
Map ……………………………………………………………………………...
Alerts …………………………………………………………………………………….
Critical Alerts ……………………………………...…………………………....
Alerts …………………………………………………………………………….
Logged Events ……………………………………………………...…………
Customers ………………………………………….…………………………………..
Reports ………………………………………………………………………………....
Settings …………………………………………………………………………………
Navigating
SaaS Alerts has been designed for simple navigation. On the left hand side of the screen, a menu bar can be found with all available left hand menu options:
Clicking on the hamburger icon (≡) will open the menu bar, giving the user a full list of sections and subsections to navigate, each of which is labeled. The contents of each section and subsection will be explained on the following pages.
Overview
Upon logging into Saas Alerts, the user is taken to the Overview page. This page contains four bar graphs displaying summary information on “Most Critical Alerts”, “Most Alerts”, “Most Files Shared”, and “Most Active Connections” for your top five (5) customers in each category:
The x-axis of the graphs are the customer names, and the y-axis corresponds to the number of events for each of the customers represented with the most events in the specific category.
Tips:
- By clicking on the drop down menu located in the top right corner of each graph, different time periods can be selected. As seen in the image above, some of the graphs are showing information from “last week” and some are from “today”; this is of course relative to the day this information is being accessed.
This page is useful as it provides a very easy way to see which of your customers are engaging the most in potentially harmful activities.
PSA
The first subsection under Overview is PSA. This page contains a pie chart showing the customers with the most tickets and a summary of both the total number of critical alerts and total number of alerts for the given time period specified. Like the graphs in Overview, these three images all have drop down menus in the top right corner which enables the selection of a limited date range from which the information is gathered.
Tips:
- For the pie chart, hovering the mouse over any section of it will display the customer represented by that color and the amount of tickets that they have created.
Similar to the main Overview page, this subsection is very useful as a quick and easy reference on the behaviors of customers, both individually and as a whole.
Applications
This subsection is similar to the PSA subsection, but instead of showing information for each customer it shows information for the individual applications used by the customers:
Tips:
- Similar to the pie chart in the PSA section, hovering over the colored sections of the chart with the mouse will show which application is represented by each color.
- A limited date range selection is also available in this section in the top right corner of the charts.
This section is useful as it provides a good sense for which applications are the most heavily used by customers and which ones are more prone to potentially suspicious behavior.
Map
This subsection contains a map showing the location of end user connection points:
Tips:
- As seen in the image above, the connections are denoted by either a green or red dot. Green dots mean an authorized login, while red means a user has logged in from a non-approved location.
- In the top right corner of the page, there is a drop down menu that can be used to select which (or all) customer(s) is to be shown on the map.
- Clicking on a dot gives user information about the specific connection, including the username, ip address, time, application used and company.
- The map itself provides the ability to scroll through the map, zoom in or out, and switch to satellite view.
Alerts/Critical Alerts/Logged Events
Clicking the Alerts section opens the critical alert subsection. This page contains a list of all critical alerts. It shows the customer, application, date detected, the user and their ip, the event description, and the ticket associated with the event. The subsections for Alerts and Logged Events operate in the same manner. Critical Alerts and Alerts will generate a ticket to the PSA while logged events contain all other events that do not rise to the level of a ticket:
Tips:
- The search bar in the top row of the page can be used to single out specific keywords, regardless of what section they are, so events can be searched by any of the descriptors that the events contain (i.e. searching “microsoft” returns all microsoft related events, the same applies when searching a specific customer or user).
- The time period drop down is the same as it is for the graphs from the previous section, with the one difference that the default is a “blank” choice and displays all events regardless of its time period
- By pressing the arrow next to “Date Detected” the order of which the events appear can be flipped (i.e. first to last or last to first, based on the time and date)
- The drop down menu at the bottom that says “rows” can be clicked and the amount of events shown at a time can be changed between 5, 10, and 20.
SaaS Alerts Event Monitoring |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customers
This section is where all customers are listed in alphabetical order, along with their primary contact, whitelisted countries, users, status, and applications being monitored:
Tips:
- Similar to other sections, there is a search bar at the top right of the section page that helps to find specific customers based on keywords (i.e. customer name or application)
- There is a drop down menu next to the search bar that allows for specific time periods to be chosen
- The column labeled “Actions” allows the following to be done:
- Pressing the star icon “favorites” the customer starred, moving them to the top of the list; starred companies will appear in alphabetical order separately from the rest of the list
- Pressing the “i” icon opens a new page with information on the users of the customer that was selected, including names, email address, status, and connected apps (as shown in the image below).
- Pressing the pencil-shaped icon allows for the editing of the status and listed applications of the selected customer
- Pressing the trash can icon deletes the selected customer
Adding a Customer
To add a new Customer, from within the Customer tab on the left hand menu begin by. Pressing the “+” in the top left will begin the process. Once it is pressed, the following screen will be shown:
Tips:
- The creation of the customer can be canceled by clicking the button in the lower left corner
- Selecting self-onboarding provides the option to either have SaaS Alerts email the Domain Admin or copy the link so the email can be sent personally
Once the preliminary information is filled out, click “Continue” in the bottom right.
The next step is to whitelist the customer location and provide the email address for the customer’s Admin. Once ready, click “Continue”. If “Cancel” is pressed at this stage, the customer will be created and added to the list but without any information in the table (aside from the name).
The third step is adding Apps that will be monitored by SaaS Alerts for the customer. Clicking any specific icon opens a popup where the user can authenticate with SaaS Alerts to begin monitoring. Note: Please make sure to disable popup blockers so SaaS Alerts can authenticate to each App being monitored.
Once these steps have been completed, the new customer will have been successfully added to the list.
Reports
The Reports section allows for the creation of either a csv or pdf file containing the list of alerts that occurred during a selected period of time:
Tips:
- The drop down menus on this page can be used to edit specific parameters that affect what information is contained in the report. This includes the customer, specific users, applications, and events.
- The calendar is used to select the period of time over which data for the report is pulled.
- Once preparation to create the report is complete, click the “create” button at the bottom of the page. This opens a new page containing the table with the report information; this can then downloaded as a csv or pdf file by clicking the respective button on the bottom right of the page.
Settings
The settings section is where your business information is listed, including billing information, and MSP users.
Tip:
- Near the bottom of the page, there is an option to add a new email to send tickets to your PSA.
Comments
0 comments
Article is closed for comments.