Activity-Based Alerts

Milan provides the ability to automatically flag questionable activity in WorkSite via activity-based alerts, which can be generated whenever a user performs an excessive number of activities over a given period of time. To take advantage of alerts, an administrator must create a monitoring rule that specifies the maximum acceptable activity level for a particular activity type and one or more actions that should be taken when a user exceeds that level. Triggered rules can optionally send an alert to an administrator or risk team member, disable the offending user's WorkSite account, or send the user a warning email.

Requirements

Upon creating a new alert, Milan displays a dialog with a download link for ActivityAlerts.sql. This script, which you must run against every WorkSite database that you intend to monitor, installs a stored procedure that copies new information from the WorkSite database's DOCHISTORY table to the Milan database.

Additionally, the Activity Monitoring Alert Service, which compiles statistics from the copied data and applies monitoring rules, must be enabled from the Background Services page.

Creating a New Alert

Alerts can be created via the Set Up New Alert dialog accessible from the Activity-Based Alerts page (..../milan/ActivityBasedAlerts.aspx).

Set Up New Alert Dialog

Option	Description
Alert Type	A drop-down menu from which you can select the WorkSite activity type to monitor.
Threshold	The maximum number of times that the activity type selected in Alert Type can occur within the time period specified in Duration before triggering the actions selected below.
Duration	The time interval over which activity levels are calculated.
Activity Start/End Time (UTC)	The daily start and end times for the period during which activity will be monitored. If the start time is after the end time, the period will extend over two days in UTC time.
Notify Admin or Risk	A drop-down menu from which you can select one or more users to which an email notification will be sent when the rule is violated.
Disable User Account	Violators of the rule will be automatically disabled within WorkSite.
Notify User	Violators of the rule will be automatically sent a warning email.
Alert Name	A descriptive name for the monitoring rule. While a default name is generated when configuring the settings above, you are free to rename the rule to your liking.

Managing Configured Alerts

Once an alert has been created, it is listed on the Activity-Based Alerts page, which displays the following columns.

Column	Description
Alert Name	The name of the monitoring rule.
Created By	The user name of the person who created the rule.
Created Date	The day on which the rule was created.
Active	A check box that controls whether the rule is in effect.
Report	Displays a link ("Violations") to the Rule Violations dialog, which lists users who've exceeded the acceptable activity level prescribed in the rule.
Actions	Icon When Clicked Edit Opens the Edit Alert dialog, which is identical to the Set Up New Alert Dialog. Delete Permanently deletes the monitoring rule.

Customizing Email Notifications

Email notifications triggered by monitoring rules are generated from the following HTML templates, which are located in .../Prosperoware.Milan/data/Templates/Email.

Rule Action	Template File
Notify Admin or Risk	ActivityMonitoringAlert.html
Notify User	UserMonitoringRuleViolatedNotification.html

To edit the text for a notification, open the corresponding template file in a text editor and modify the HTML within the <body></body> tags. To include values related to the violation, such as the user's name or the name of the monitoring rule, insert the corresponding variable.

Variable	Replaced With
[ReceiverName]	The full name of the email recipient
[AlertForUsername]	The WorkSite user name of the user who violated the rule
[RuleDescription]	The name of the monitoring rule (Alert Name)
[RuleThreshold]	The threshold value
[RuleAction]	A list of all actions that were triggered by the monitoring rule