Hello. I'm Ghazwan Khairi, a strategic systems consultant with Quest. And today I'm going to demo alerts in Quest On Demand Audit. As you can see on the screen, I switched over to the Alerts tab. And under the Alerts tab, there's a couple of links. There's Alerts, and then there's Alerts Plan.
Let's start first with the Alerts Plan and then we'll go back to the Alerts. Under the Alerts plan, you'll notice there's a default Global Alert plan. These are basically the individuals whom which will receive emails when an alert is triggered. So you can plug in one or many email addresses in here, you can just follow it by a comma.
And the first thing I'll do is just send a test to myself to see that I'm actually receiving these events or these triggers, or alerts when they are triggered. Here's a new email that I just received. We'll open it up. And this basically says "Alert Triggered. This message confirms that you are set to receive On Demand Alert." So this is, again, just kind of make sure that I'm actually receiving the alerts.
In order to actually trigger alerts, what we'll have to do is under the Search section, if we go to just all events in the last seven days, these are all the events, say, this is the report or this is the search result that I want to be alerted against. I could have created my own custom search that looks at specific values. For example, I just want to be alerted when an anonymous link has been sent from my OneDrive to external users, or to just anonymous, right?
So I can configure that search, save it, and then, all I have to do to get the alert going is click on alert. This tells me that the alert has been enabled. I'll go ahead and click OK. And then this also gives me a link, whereby I can go and check it out from here directly, go to my alerts section, and I'll see that all events in the last seven days have now been enabled.
Let me quickly go back to my inbox just so that we don't wait for alerts to arrive. Here is an email that I received. With alerts triggered, two events were found matching my search. And my search is all Active Directory object deletions in the last seven days. So here is a couple of events that were triggered.
From here, I can click View All events. This will take me to my On Demand interface. Or I can specifically grab any of these events and go to the event itself. Let me kind of demo this this way. If I select this here, this is, again, looking at just deleted events. And in this case, just one specific event.
I'll go ahead and select my organization because I have multiple ones. And then we'll go ahead and select the organization. You'll notice that it takes me directly to the event details. So this is an email alert that I received about an event. All I care about is when objects are deleted. And here's the event detail. All of it. I can copy this to my clipboard, or I can actually grab that entire URL and share it with someone else who has access to the same subscription.
One thing that you will notice, if I go back, if I close this, if I go back to my alerts, email, notice that the columns of the email I receive has link, time detected, user, the actor, all these fields. These fields are exactly a match of what I have under the event itself. So if I go to the event, you'll notice that this is the exact same field. So if I had customized my view when I added or removed specific columns, and then I triggered that alert, this is exactly the grid that I will receive in my inbox.
So that concludes this demo. For more information, visit the Quest On Demand audit URL listed on the screen.
04:23