You can add multiple alert configurations to a Barracuda Content Shield Policy, but you can only add one alert rule to each alert configuration. When you set up an alert rule in an alert configuration, you choose:
- The filtering categories and subcategories you want to alert on,
- The number of attempts that cause an alert, and
- The time frame for the number of events.
For example, you might choose to trigger an alert when one or more websites in the Auctions & Classifieds category are accessed five times within four hours.
Once you have selected the criteria that triggers an alert, you can set a wide variety of options for the alert, such as:
- The alert category,
- The alert severity,
- Whether a trouble ticket is created or not,
- Whether an email is created or not, and
- If and when the alert is escalated.
Because policies are applied to the site as a whole, alert configurations apply to the entire site and are raised based on the linked Barracuda Content Shield location.
How Filtering Categories Contribute to Alerts
When you set the threshold for a filter, all categories and subcategories are considered for the threshold. An event in any category or subcategory you select contributes to the threshold. If you select three categories, the threshold of events is for events in all the categories, not each one individually.
For example, if you select both the Hacking and Phishing categories and set the threshold at three, and there are two attempts to access a Hacking site and an attempt to access a Phishing site, you receive an alert. There does not have to be three attempts to access a Hacking site or three attempts to access a Phishing site for you to receive an alert.
To set up an alert for a single filtering category, create a configuration, and add only one category to the alert.
To create an alert configuration in a Barracuda Content Shield policy
- In Service Center, click Service Delivery > Policies > Content Shield.
- Click a policy name.
- Click the Settings tab.
- Click Add.
- In Title, type a title for the alert.
- In the Alert Rules area, click Add.
- Do the following:
- To add an alert rule, follow the Adding Alert Configurations to a Barracuda Content Shield Policy procedure.
- To add alert remediation information, follow the Adding Alert Configurations to a Barracuda Content Shield Policy procedure.
- To categorize alerts, identify actions, and set alert notifications, see Setting Actions for Barracuda Content Shield Alerts.
To add an alert rule to a Barracuda Content Shield alert configuration
- In Service Center, click Service Delivery > Policies > Content Shield.
- Click a policy name.
- Click the Settings tab.
- Click Add.
- In Title, type a title for the alert.
- In the Alert Rules area, click Add.
- Do one of the following:
- To receive an alert when the threshold is reached in any category, click Trigger alert on any filtering category.
- To select specific supercategories or categories, clear Trigger alert on any filtering category. In the Available filtering supercategories/categories area, click the check boxes of the categories you want to select, then click . To remove a category, in Selected filtering supercategories/categories, click the check boxes of all the categories you want to remove, then click .
- In the Threshold area, click the Alert after number of occurrences within a given period check box.
- Type a number in Number of occurrences.
- Select a time period.
- Click OK.