ESM: Monitor Policies

Document created by RSA Information Design and Development on Jul 27, 2016
Version 1Show Document
  • View in full screen mode

Use the Monitoring Policies view to manage alert configuration for your event source groups.

You can create policies that alert on event source groups, by setting thresholds and notifications:

  • Thresholds set ranges for frequency of log messages. You can specify a low threshold, a high threshold, or both.
  • Notifications describe how and where to send alerts when thresholds are not met.
  • You combine thresholds and notifications to create alerts based on the frequency you specify.

For example, let's say that you have created an event source group that consists of all your Windows event sources based in the United Kingdom. You could specify a policy that alerts you whenever fewer than 1000 events per 30 minutes arrive.

Next steps 

You are here: Procedures > ESM: Monitor Policies