Web Interface > Analytics > Activity-Based Alerts

Activity-Based Alerts

Milan provides the ability to automatically flag questionable activity in WorkSite via activity-based alerts, which can be generated whenever a user performs an excessive number of activities over a given period of time. To take advantage of alerts, an administrator must create a monitoring rule that specifies the maximum acceptable activity level for a particular activity type and one or more actions that should be taken when a user exceeds that level. Triggered rules can optionally send an alert to an administrator or risk team member, disable the offending user's WorkSite account, or send the user a warning email.

Requirements

Upon creating a new alert, Milan displays a dialog with a download link for ActivityAlerts.sql. This script, which you must run against every WorkSite database that you intend to monitor, installs a stored procedure that copies new information from the WorkSite database's DOCHISTORY table to the Milan database.

Additionally, the Activity Monitoring Alert Service, which compiles statistics from the copied data and applies monitoring rules, must be enabled from the Background Services page.

Creating a New Alert

Alerts can be created via the Set Up New Alert dialog accessible from the Activity-Based Alerts page (..../milan/ActivityBasedAlerts.aspx).

Set Up New Alert Dialog

Option Description
Alert Type A drop-down menu from which you can select the WorkSite activity type to monitor.
Threshold The maximum number of times that the activity type selected in Alert Type can occur within the time period specified in Duration before triggering the actions selected below.
Duration The time interval over which activity levels are calculated.
Activity Start/End Time (UTC) The daily start and end times for the period during which activity will be monitored. If the start time is after the end time, the period will extend over two days in UTC time.
Notify Admin or Risk A drop-down menu from which you can select one or more users to which an email notification will be sent when the rule is violated.
Disable User Account Violators of the rule will be automatically disabled within WorkSite.
Notify User Violators of the rule will be automatically sent a warning email.
Alert Name A descriptive name for the monitoring rule. While a default name is generated when configuring the settings above, you are free to rename the rule to your liking.

Managing Configured Alerts

Once an alert has been created, it is listed on the Activity-Based Alerts page, which displays the following columns.

Column Description
Alert Name The name of the monitoring rule.
Created By The user name of the person who created the rule.
Created Date The day on which the rule was created.
Active A check box that controls whether the rule is in effect.
Report Displays a link ("Violations") to the Rule Violations dialog, which lists users who've exceeded the acceptable activity level prescribed in the rule.
Actions
Icon When Clicked
Edit Opens the Edit Alert dialog, which is identical to the Set Up New Alert Dialog.
Delete Permanently deletes the monitoring rule.

Customizing Email Notifications

Email notifications triggered by monitoring rules are generated from the following HTML templates, which are located in .../Prosperoware.Milan/data/Templates/Email.

Rule Action Template File
Notify Admin or Risk ActivityMonitoringAlert.html
Notify User UserMonitoringRuleViolatedNotification.html

To edit the text for a notification, open the corresponding template file in a text editor and modify the HTML within the <body></body> tags. To include values related to the violation, such as the user's name or the name of the monitoring rule, insert the corresponding variable.

Variable Replaced With
[ReceiverName] The full name of the email recipient
[AlertForUsername] The WorkSite user name of the user who violated the rule
[RuleDescription] The name of the monitoring rule (Alert Name)
[RuleThreshold] The threshold value
[RuleAction] A list of all actions that were triggered by the monitoring rule

Note: Variables must always be enclosed with square brackets.