Alerts

Alerts let you monitor and investigate suspicious activity within your organization. Alerts are triggered by rules you define.

Depending on your account setup, alerts are received from one or more of the following channels:

  • Endpoint: lets you monitor potentially risky user activities such as copying files to a sensitive location, exfiltrating private data and more. Endpoint alerts are triggered by detection rules. You can view the details of the activity, user, endpoint and rules, and change the alert's status. If enabled, you can view the relevant screenshot. To create alerts from detection rules, see ITM / Endpoint DLP Rules.

  • Cloud: lets you monitor Proofpoint CASB DLP alerts, which are defined by Proofpoint CASB DLP detectors that search for sensitive data in files. When an event matches a Proofpoint CASB DLP detector, a DLP alert is created. You can view details of the alert, change its status and perform remediation. The map in the details area shows you where the alert occurred.

  • Email: lets you monitor risky email activity by finding and classifying messages that trigger alerts. You can view details of the alert, change its status and perform remediation.

To see the alerts, open the Analytics app in the Proofpoint Information and Cloud Security Platform, and then select Alerts from the side menu.

Alerts are displayed in graphic and table format so you can easily identify what is happening. You can view and analyze the alert details with intuitive data visualizations.


Related Topics:

ITM / Endpoint DLP Rules

Conditions

Content Scanning