Milan provides the ability to automatically flag questionable activity in WorkSite via activity-based alerts, which can be generated whenever a user performs an excessive number of activities over a given period of time. To take advantage of alerts, an administrator must create a monitoring rule that specifies the maximum acceptable activity level for a particular activity type and one or more actions that should be taken when a user exceeds that level. Triggered rules can optionally send an alert to an administrator or risk team member, disable the offending user's WorkSite account, or send the user a warning email.
Upon creating a new alert, Milan displays a dialog with a download link for ActivityAlerts.sql. This script, which you must run against every WorkSite database that you intend to monitor, installs a stored procedure that copies new information from the WorkSite database's DOCHISTORY table to the Milan database.
Additionally, the Activity Monitoring Alert Service, which compiles statistics from the copied data and applies monitoring rules, must be enabled from the Background Services page.
Alerts can be created via the Set Up New Alert dialog accessible from the Activity-Based Alerts page (..../milan/ActivityBasedAlerts.aspx).
Option | Description |
---|---|
Alert Type | A drop-down menu from which you can select the WorkSite activity type to monitor. |
Threshold | The maximum number of times that the activity type selected in Alert Type can occur within the time period specified in Duration before triggering the actions selected below. |
Duration | The time interval over which activity levels are calculated. |
Activity Start/End Time (UTC) | The daily start and end times for the period during which activity will be monitored. If the start time is after the end time, the period will extend over two days in UTC time. |
Notify Admin or Risk | A drop-down menu from which you can select one or more users to which an email notification will be sent when the rule is violated. |
Disable User Account | Violators of the rule will be automatically disabled within WorkSite. |
Notify User | Violators of the rule will be automatically sent a warning email. |
Alert Name | A descriptive name for the monitoring rule. While a default name is generated when configuring the settings above, you are free to rename the rule to your liking. |
Once an alert has been created, it is listed on the Activity-Based Alerts page, which displays the following columns.
Column | Description | ||||||
---|---|---|---|---|---|---|---|
Alert Name | The name of the monitoring rule. | ||||||
Created By | The user name of the person who created the rule. | ||||||
Created Date | The day on which the rule was created. | ||||||
Active | A check box that controls whether the rule is in effect. | ||||||
Report | Displays a link ("Violations") to the Rule Violations dialog, which lists users who've exceeded the acceptable activity level prescribed in the rule. | ||||||
Actions |
|
Email notifications triggered by monitoring rules are generated from the following HTML templates, which are located in .../Prosperoware.Milan/data/Templates/Email.
Rule Action | Template File |
---|---|
Notify Admin or Risk | ActivityMonitoringAlert.html |
Notify User | UserMonitoringRuleViolatedNotification.html |
To edit the text for a notification, open the corresponding template file in a text editor and modify the HTML within the <body></body>
tags. To include values related to the violation, such as the user's name or the name of the monitoring rule, insert the corresponding variable.
Variable | Replaced With |
---|---|
[ReceiverName] | The full name of the email recipient |
[AlertForUsername] | The WorkSite user name of the user who violated the rule |
[RuleDescription] | The name of the monitoring rule (Alert Name) |
[RuleThreshold] | The threshold value |
[RuleAction] | A list of all actions that were triggered by the monitoring rule |
Note: Variables must always be enclosed with square brackets.