FAM Alerts

Jump to solution

Is there any GOOD documentation for creating FAM Alerts.  

Any one running FAM 8.2 or later and able to build an Windows File System or DFS resource alert and filter on AD Group Domain membership?

I am trying to build an alert to be notified if an person belonging to an Administration Group read/modifies/etc.... a file on a Client Windows File Server.  I can get the Filter to work for "Action Type" but I can not find a filter for Group Name.

It seems like I can build a Activity Forensic for this but not an Alert.   

1 Solution

Accepted Solutions

Thanks Barbara,

I figured I was going to have to put all the individual user names.  I was just hoping I was just missing something.

I have entered a Idea entry for it as well.  It is under Idea #FAM-I-185.

Regards,

Kent.

View solution in original post

2 Replies
barbara_hodgkin
SailPoint Employee
SailPoint Employee

Hi @Kent_Pollard-SSnC ,

   I have put in the request to our Product team to increase/improve documentation around Alerts.

Group Name becomes an available filter option depending on the endpoint types you have (like Active Directory); however for this particular scenario it is not available in that context.  It would not trigger on an alert performed by a user in that group, but instead if you were making edits to that group.

That is a great idea - so I definitely recommend entering an Idea on our Ideas page: https://ideas.sailpoint.com/ideas 

In the meantime, my suggestion would be to add the individuals in the group to the Alert via the Attribute = Username, Operator = Any of, Value = admin1, admin2.  Hopefully being an admin group - it is not to tedious. 

Your Alert Rule would look something like this:

     Scope -> Application -> Windows File Server

     Filter -> Attributes:

         Action Type - Any Of - {desired}    

            +Add

         User Name - Any Of - {list of admins}

 

Hope this helps!

 

 

 

Thanks Barbara,

I figured I was going to have to put all the individual user names.  I was just hoping I was just missing something.

I have entered a Idea entry for it as well.  It is under Idea #FAM-I-185.

Regards,

Kent.