Alerts for Data Upload Spikes: Overview

Here, you'll learn how different alert types work and how to view their details for better data oversight.

Actifile’s alert system sends real-time notifications when certain data upload thresholds are exceeded. You can create, edit, and delete alerts directly through the Actifile interface, accessible under Deployment > Alert Settings.

For instructions on creating, modifying, or deleting an alert, see this article.

Note: The alerts can be set up from the new user interface at my.actifile.com and are not available from the legacy interface (app.actifile.com).

Another way to find the alert settings is to select Data Explorer > Alerts > Alert Settings.

Alert types

You can set alerts of three types: unusual upload activity, process upload threshold exceeded, and total upload threshold exceeded. Let’s take a closer look at each one.

Unusual upload activity

Alerts are triggered when the value of sensitive data uploaded in a single day significantly exceeds the average of the past 14 days. The threshold is set in percent.

How it works

The two scenarios below use a threshold of 25%. In each one, the calculated percentage increase is compared to the threshold to determine whether an alert is sent.

For percentage increase calculation, subtract the 14-day average value from the single-day value, divide the result by the 14-day average, and then multiply by 100:

Percentage increase = (single-day value – 14 previous days’ average value) ÷ 14 previous days’ average value × 100

SCENARIO 1

Single-day risk value: 1,942,156
14 previous days’ average risk value: 466,549.22

1. Calculate the percentage increase:

Percentage increase = (1,942,156 – 466,549.22) ÷ 466,549.22 × 100 = 316.22%

2. Compare to the threshold:

Since 316.22% > 25%, an alert will be sent.

SCENARIO 2

Single-day risk value: 10,000
14 previous days’ average risk value: 466,549.22

1. Calculate the percentage increase:

Percentage increase = (10,000 – 466,549.22) ÷ 466,549.22 × 100 = −97.86%

2. Compare to the threshold:

Since −97.86% < 25%, an alert will not be sent.

USE CASE

An employee accidentally uploads a large volume of sensitive data to an external cloud service. The system detects this anomaly and notifies the IT security team.

Process upload threshold exceeded

Notifications are triggered when the value of data uploaded by a specific process exceeds a user-defined threshold set in USD.

USE CASE

Set a threshold for a batch processing job that handles sensitive customer information and get notified if the threshold is surpassed.

Total upload threshold exceeded

Alerts are generated when the combined value of data uploaded by all processes exceeds a set limit. The threshold is defined in USD.

USE CASE

A corporation experiences a spike in data uploads due to end-of-quarter report submissions. The system aggregates the total data uploaded by all processes, and if it exceeds the predefined threshold, an alert is triggered. The data security team is notified of the increased activity, enabling them to monitor and respond to the spike in data uploads.
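
The three alert rules described in this section can be expressed as one short check over a day of upload values. This is an added Python sketch, not Actifile's code: the function names, applying the percentage rule per process, the strict `>` comparison, and the handling of an all-zero baseline are assumptions, and the sample day is constructed from dollar figures quoted in this article.

```python
from statistics import mean

def percentage_increase(day_value, prev_14_days):
    """(single-day value - 14-day average) / 14-day average * 100."""
    if len(prev_14_days) != 14:
        raise ValueError("baseline must hold exactly 14 daily values")
    avg = mean(prev_14_days)
    if avg == 0:
        # Assumption: with no prior uploads the ratio is undefined, so any
        # upload is reported as an unbounded increase instead of dividing by 0.
        return float("inf") if day_value > 0 else 0.0
    return (day_value - avg) / avg * 100

def evaluate(day_by_process, history, pct_threshold, process_usd, total_usd):
    """Return (alert_type, subject, value) tuples for one day of uploads."""
    alerts = []
    for proc, value in sorted(day_by_process.items()):
        # Assumption: a process with no history gets an all-zero baseline.
        pct = percentage_increase(value, history.get(proc, [0] * 14))
        if pct > pct_threshold:  # strict ">" as in the worked scenarios
            alerts.append(("unusual_upload_activity", proc, round(pct, 2)))
        if value > process_usd:
            alerts.append(("process_upload_threshold_exceeded", proc, value))
    total = sum(day_by_process.values())
    if total > total_usd:
        alerts.append(("total_upload_threshold_exceeded", "all processes", total))
    return alerts

# Constructed day: dollar values reuse figures quoted in this article.
DAY = {"Microsoft OneDrive": 1_942_156, "agent": 2_040}
HISTORY = {"Microsoft OneDrive": [466_549.22] * 14, "agent": [2_000] * 14}

if __name__ == "__main__":
    for alert in evaluate(DAY, HISTORY, pct_threshold=25,
                          process_usd=1_000, total_usd=1_000):
        print(alert)
```

A process whose 14-day baseline is all zeros never divides by zero here; whether the product alerts in that situation is not stated in this article.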

View alert details

You can see details about the alerts you received, including processes and events that triggered an alert, devices or applications involved, and the estimated value of the sensitive data. To check out this information, head to Data Explorer > Alerts. Select Click to preview for further insights.

The alert overview provides general information, the processes involved, and the top 5 risky events. Let’s break down the details you’ll see for each type of alert.

Unusual Upload Activity

General information:

In this section, you’ll find basic details about the alert, including your organization’s name, the threshold you set in percentage, and the date the alert was created.

For example, in the screenshot, an alert created on July 12, 2024, is set to trigger if the sensitive data uploaded during a single day exceeds the average value of the previous 14 days by 25% or more.

Processes:

This part shows which application was used for the sensitive data upload, the dollar value of the data uploaded on that specific day, the average value of data uploaded over the previous 14 days, and the percentage increase between these two values.

In the screenshot, the data shows that $1,942,156 worth of sensitive data was uploaded through Microsoft OneDrive in a single day, while the average value over the previous 14 days was $466,549.22, reflecting a 316.28% increase.

Top 5 events:

This section lists the five highest-value data uploads contributing to the alert and details about each event.

For example, you can see that the user My customer\rtozer uploaded a file named C:\Users\RenéeTozer\OneDrive – Bluefors\Inventory Not on BOMs Analysis Rev3.xlsx from the device RTOZER-LAPTOP. The estimated dollar value of the sensitive data in this file is $1,938,222.

To learn more about how the unusual upload activity alert works, refer to the section on alert types.

Process Upload Threshold Exceeded

General information:

This section includes basic information about the alert, such as your organization’s name, the threshold you set in USD, and the date the alert was created.

For example, the screenshot shows an alert created on July 12, 2024, triggered when the value of data uploaded by a single process in a day exceeds $1,000.

Processes:

Here, you’ll find details about the specific process that caused the alert, including the number of files uploaded and the total dollar value of the sensitive data involved.

In the provided example, 3 files with a total sensitive data value of $2,040 were uploaded through the agent application, prompting the alert.

Top 5 events:

This section lists the five highest-value uploads that contributed to the alert, providing details about each event.

For instance, in the screenshot, the file C:\Users\User2\20240712_HII_Remittance_06-30-2024_to_07-06-2024 CFCo.csv contained the highest value of sensitive data at $750. This file was uploaded by the user NT AUTHORITY\SYSTEM from the device MBA05-12-18-18R.

Total Upload Threshold Exceeded

General information:

This section includes your organization’s name, the threshold you set in USD, and the date the alert was created. It also shows the total number of files containing sensitive data that were uploaded and the estimated dollar value of the sensitive data in those files.

For example, the screenshot illustrates an alert created on July 12, 2024, which was triggered when the total value of sensitive data uploaded by all processes exceeded $1,000. On this day, 3 files with a combined sensitive data value of $2,040 were uploaded, resulting in the alert.

Top 5 events:

This section highlights the five uploads with the highest value of sensitive data, providing specifics about each event.

In the screenshot, for instance, the file C:\Users\User2\20240712_HII_Remittance_06-30-2024_to_07-06-2024 CFCo.csv contained the highest value of sensitive data at $750. This file was uploaded by the user NT AUTHORITY\SYSTEM from the device MBA05-12-18-18R through the agent application.