CA Threat Analytics Alert Configuration

Document ID : KB000109280
Last Modified Date : 01/10/2018
Question:
Is there a way to configure Threat Analytics to monitor and alert the administrators?
Answer:
You can choose to receive System Health-related alerts via email.

Current System Health is viewable on the homepage header, and can be clicked for more information about changes in Health status. Examples of when System Health may change:

- Events are coming in from PAM at a rate that causes messages to queue up too fast, and fall behind in processing
- Error rates at the API increase above normal level
- Periodic caching of information from PAM fails for some reason (invalid credentials, intermittent network failure)

These alerts allow administrators to be notified that something is affecting overall performance of the system, and also to be notified when these issues are resolved. The system implements automatic mitigation strategies when it detects issues that affect health. 

To be notified via email of changes in System Health, an Administrative User should select an option from the “System Alerts” dropdown in the User edit form. They can choose to be notified immediately, or to be sent only a periodic summary (daily, weekly, monthly). Note: The Email/SMTP configuration must be set up for this functionality to work.

Alerting occurs only during health issues that affect the performance of the integration between Threat Analytics and PAM, or Threat Analytics’ ability to process data. No alerting occurs during issues affecting the availability of the Threat Analytics VM or the hardware on which it runs. We recommend that customers use a preferred service monitoring utility for that purpose, for instance, something like Nagios to monitor responses from port 443, or to monitor disk and memory usage.
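
As an illustration of the external port 443 check recommended above, here is a Nagios-style plugin sketch. It is an added example, not CA-supplied code; the host name `threat-analytics.example.internal` and the timing thresholds are assumptions to replace with your own values.

```python
#!/usr/bin/env python3
"""Nagios-style HTTPS availability check (added example, not vendor code)."""
import socket
import ssl
import sys
import time

# Standard Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABEL = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def grade(value, warn, crit):
    """Map a measurement to a Nagios state; higher values are worse."""
    if value >= crit:
        return CRITICAL
    return WARNING if value >= warn else OK


def check_https(host, port=443, timeout=5.0, warn_s=1.0, crit_s=3.0, cafile=None):
    """Complete a verified TLS handshake and grade how long it took.

    Certificate verification stays enabled; pass cafile when the server
    uses a certificate issued by a private CA.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                elapsed = time.monotonic() - start
    except OSError as exc:  # refused, timed out, DNS failure, TLS/cert error
        return CRITICAL, f"{host}:{port} unreachable or TLS failed: {exc}"
    return grade(elapsed, warn_s, crit_s), f"TLS handshake in {elapsed:.2f}s"


def main(argv):
    # Hypothetical default host; pass the real VM address as the first argument.
    host = argv[1] if len(argv) > 1 else "threat-analytics.example.internal"
    state, detail = check_https(host)
    print(f"HTTPS {LABEL[state]} - {detail}")  # first output line is the status text
    return state


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the exit code carries the state, the script can be registered as a check command in Nagios or any scheduler that follows the same plugin convention.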