Unified Security Policy Alerts

USP Alerts give you real-time visibility and tracking of USP violations. By responding to the alert and immediately fixing the underlying issue, you can reduce your real-time risk and exposure.

The following information is displayed for each alert:

  • Status - Specifies whether the USP Alert is Active or Inactive.
  • Name - USP Alert name.
  • Description - Description of the alert.
  • Severity - Severity level of the USP violation that triggers the alert. Multiple severities can be selected.
  • Devices - Devices for which this alert is sent.
  • Send to - List of USP alert recipients. There is an option to send the alert by syslog.

Alerts are triggered by a new revision, but are not triggered when a new service, source, or destination is added on a cell already marked with a violation, or when a violation is removed. When a device or user is removed from the system, the status of any alert containing that device or user automatically changes to Inactive.

The alert email provides a summary of the changes and violations and includes such information as:

  • The firewall and policy name
  • The relevant revision ID and rule number
  • Who performed the change and when the change occurred
  • A link to SecureTrack, with detailed information about the specific changes that caused the USP violation

What can I do on this page?

  • Create a new alert - Click and enter the requested information.

    If multi-domain mode is enabled, the Domain: field appears, which lets you filter the devices for a specific domain.

  • Edit an existing alert - Select an alert, click , and modify the desired information.

    If multi-domain mode is enabled, the Domain: field appears, which lets you filter the devices for a specific domain.

  • Duplicate an alert - Select an alert, click , and modify the desired information.
  • Delete an alert - Select one or more alerts and click .
  • Search for alerts - Enter the search criteria and click .

    Returns alerts that contain the text in any column.

How Do I Get Here?

To view the Unified Security Policy Alerts:

In SecureTrack, go to Audit > Compliance > Unified Security Policy Alerts.