Alerts are generated in Citrix Analytics to notify you of events that require attention such as a high risk score change, a risk indicator is triggered, or policies are triggered. Alerts warn you of potential threats, so that you can take immediate action on an account or user, if necessary.
When are alerts generated
Alerts are typically generated when:
A risk score change occurs. Risk score is a value that indicates the aggregate level of risk a user poses to the network over a pre-determined monitoring period. Whenever there is a change in the risk score of a user, an alert is generated.
A risk indicator is triggered. Risk indicators are user activities that look suspicious or can pose a security threat to your organization. Whenever a risk indicator is triggered based on user activity, an alert is generated.
A policy is triggered. A policy is triggered when a set of conditions are met for an action to be executed.
How to view alerts
To view the list of recently-generated alerts, log on to Citrix Analytics and click the Alerts tab from the top bar. The User Security Alerts pane appears. You can view the alert description, the date and time of the alert, and the user account for which the alert was generated.
To view a list of all the alerts, click See More at the bottom of the alerts list. The Alerts History page appears. On this page, you can view the date and time when the alert was triggered, the alert name, the user account that triggered the alert, and the description of the alert. By default, the Alerts History page displays the alerts for the last one month. You can also choose the time period- 12 hours, one day, or one week. Use the search functionality to look for any specific alert.
How to delete an alert
You can delete alerts from the Alerts History page.
On the Alerts History page, select an alert and click Delete to delete that alert.
Or, select the check box on the column header, and click Delete. This deletes all alerts triggered on Citrix Analytics.