I need to set up an email alert to notify when users copy a certain amount of data from file servers.

  • Question
  • Updated 4 years ago
They have Windows and NAS devices. Can you point me in the right direction, please?
IT-help


Posted 4 years ago


Aisling Brennan, Official Rep

LANGuardian provides a number of facilities for identifying excessive use and changes in network use over time including volume overflow alerts.

Volume overflow alerts can be used to identify short-lived, high data transfer rates. A sample use case is to identify transfer of more than 100 MB in 60 seconds of network traffic.

The list of Sensor Settings for any local or remote sensor contains the field - Volume Overflow Detector.

This field will specify the levels at which the sensor will record a host as exceeding the allowed traffic volume rates. For example, with the default value of 10000000,60 the sensor will record a volume meter event if a host transfers 10MB or greater of network traffic in 60 seconds. Use a comma to separate the threshold values. Once the field has been populated, click on the Save button to commit the changes.

One of the key security reports in LANGuardian is the Security :: by Signature report. The report will list the traffic volume overflow event if it is triggered. You can then mark the signature so that an action Send email is taken each time the traffic volume overflow security event occurs.

To do this, select the action that you want to take from the Action drop-down list. The options are Send Email or Ignore Events. When you are marking a signature, you can also specify a particular sensor, source IP address, or destination IP address for the marked signature. Only security events that match the details that you provide are then alerted to you by email or ignored.
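
An added example, not part of the reply above and not LANGuardian's own code: a sketch of the check that a bytes,seconds threshold such as 10000000,60 describes, flagging a host once its traffic inside a trailing window reaches the threshold. The sliding-window method, the function names and the flow records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def parse_setting(value):
    """Parse a 'bytes,seconds' threshold string such as '10000000,60'."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        raise ValueError("expected 'bytes,seconds'")
    limit, window = int(parts[0]), int(parts[1])
    if limit <= 0 or window <= 0:
        raise ValueError("both values must be positive")
    return limit, window

def volume_overflow_events(records, setting="10000000,60"):
    """Flag hosts whose bytes in the trailing window reach the threshold.

    records: time-ordered (timestamp_seconds, host, byte_count) tuples.
    Returns one (timestamp, host, bytes_in_window) event per burst.
    """
    limit, window = parse_setting(setting)
    recent = defaultdict(deque)  # host -> (ts, bytes) entries still in window
    totals = defaultdict(int)    # host -> sum of bytes held in recent[host]
    alerting = set()             # hosts currently over the threshold
    events = []
    for ts, host, nbytes in records:
        q = recent[host]
        q.append((ts, nbytes))
        totals[host] += nbytes
        while q and q[0][0] <= ts - window:  # expire entries outside the window
            totals[host] -= q.popleft()[1]
        if totals[host] >= limit:            # "10MB or greater" is inclusive
            if host not in alerting:         # one event per burst, no repeats
                alerting.add(host)
                events.append((ts, host, totals[host]))
        else:
            alerting.discard(host)
    return events

# Constructed sample flow records (not real traffic).
SAMPLE = [
    (0, "10.0.0.5", 4_000_000), (20, "10.0.0.5", 4_000_000),
    (30, "10.0.0.9", 2_000_000),
    (45, "10.0.0.5", 3_000_000),   # 11 MB inside 60 s: event
    (50, "10.0.0.5", 1_000_000),   # still over: no duplicate event
    (200, "10.0.0.9", 9_000_000),  # earlier 2 MB has expired: 9 MB, no event
    (400, "10.0.0.5", 5_000_000),
    (470, "10.0.0.5", 6_000_000),  # 70 s apart: never 10 MB in one window
]

if __name__ == "__main__":
    for ts, host, total in volume_overflow_events(SAMPLE):
        print(f"t={ts}s host={host} moved {total} bytes within the window")
```
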