Lookout Product Documentation

Create Alerts for Managed Cloud Applications

  1. Select Monitor > Activity Alerts.
  2. In the Managed Clouds tab, click New.
  3. Enter an Alert Name.
  4. Select an Alert Type.
    1. For Cloud Activity alerts, enter or select the following information:
      • Cloud Account -- The cloud application for the alert.
      • Activity -- Check the boxes for one or more activities.
      • Filters -- Select the filters for this alert activity type.

        • For Time Window, select a day and time range in which the activity occurs.
        • For Threshold, enter the number of events, the duration, and time increment (Mins or Hours) for this activity (for example, 1 event every 4 hours).
        • The Aggregate Alert Counts toggle is enabled by default, which indicates that threshold aggregation occurs at the cloud application level. To enable activity count aggregation at the individual user level, click the toggle to disable it.
        • For User Groups:
          • Click in the box to the right.
          • Double-click a directory name.
          • Select a group from the list that appears and click the arrow to move it to the Selected Groups column.
          • Click Save.
        • To specify more than one filter, click the + button and select another filter.
    2. For External System Connectivity alerts, select the following information:
      • Services -- Check the boxes for one or more services, including Enterprise DLP, Log Agent, SIEM, and ZTNA Connector Alert.
      • Frequency -- Select Once or Send Reminders. For Send Reminders, enter a reminder quantity and time increment (day or hour). For example, 2 reminders per day.
    3. For Tenant Activity alerts, first select an Activity Type: Anomaly, Risk Score Change, or User Directory.
      • For Anomaly, select one or more anomaly types to include in notifications. Then, for Filters, select Time Window or Threshold.

        • For Time Window, select a day and time range in which the anomaly occurs.
        • For Threshold, enter the number of events, the duration, and time increment (Mins or Hours) for this activity (for example, 1 event every 4 hours).
        • To specify more than one filter, click the + button.
      • For User Directory, select Threshold from the Filters prompt, then enter a sync deviation value and specify whether it is a count or a percentage.

        Each time the user directory is synced, Secure Cloud Access compares the number of user records against the number from the previous sync. If the difference is greater than the sync deviation threshold that you specify, this activity alert will be triggered, and the sync status will show Paused on the User Directory page. You can manually restart the sync after reviewing the details.

        For more information about user directories, see Creating and managing user directories.

  5. Select a notification to send with this alert.
    The options are based on the notifications you created.
  6. Click Save to save the alert.
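
The effect of the Aggregate Alert Counts toggle on a Threshold filter, modeled in Python as an added example (not Lookout code). The sliding-window evaluation, the counter restart after an alert, and the names evaluate_threshold, APP_KEY, SAMPLE and WINDOW are assumptions made for illustration; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

APP_KEY = "<application>"  # single counter shared by all users

def evaluate_threshold(events, count, window, aggregate=True):
    """Return [(timestamp, key)] for each point where the threshold is met.

    events: (timestamp, user) tuples sorted by time, all for one cloud
    application and one activity type.
    aggregate=True  counts events for the whole application (toggle enabled).
    aggregate=False counts events separately for each user (toggle disabled).
    Assumed semantics: sliding window; fire when `count` events fall inside
    `window`; the counter restarts after an alert.
    """
    recent = defaultdict(deque)
    alerts = []
    for ts, user in events:
        key = APP_KEY if aggregate else user
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] > window:   # drop events older than the window
            seen.popleft()
        if len(seen) >= count:
            alerts.append((ts, key))
            seen.clear()
    return alerts

def t(hhmm):
    """Build a timestamp on a fixed, constructed day."""
    return datetime(2024, 1, 15, int(hhmm[:2]), int(hhmm[3:]))

# Constructed sample: download events in one cloud application.
SAMPLE = [
    (t("09:00"), "alice"), (t("09:01"), "bob"), (t("09:02"), "alice"),
    (t("09:03"), "bob"), (t("09:04"), "alice"),
    (t("13:00"), "dave"), (t("13:01"), "dave"), (t("13:02"), "dave"),
    (t("13:03"), "dave"), (t("13:04"), "dave"),
]
WINDOW = timedelta(minutes=10)

if __name__ == "__main__":
    for mode in (True, False):
        print("aggregate" if mode else "per-user",
              evaluate_threshold(SAMPLE, 5, WINDOW, aggregate=mode))
```

With a threshold of 5 events per 10 minutes, the aggregated evaluation fires on the morning activity that is spread across two users, while the per-user evaluation fires only for the single user who reaches the threshold alone.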