About Alerts

You can configure the Zscaler service to email specific individuals when certain events occur, so your organization can take action in a timely manner. To learn more, see About Alert Subscriptions. You can create up to 128 alerts. You can create an alert for different types of events, such as when the service detects incoming or outgoing malware or when there is a policy violation. When you receive an alert, you can investigate it by going to Analytics and viewing logs of the event.

Events are grouped into classes. For a list of events that can trigger alerts, organized by class, see the table below.

Alert Classes

Depending on your organization's subscriptions, you can configure the service to send alerts for the following classes:

Class Event
Secure Alerts
  • Sandbox Adware
  • Sandbox Anonymizer
  • Sandbox Malware
  • Patient 0
  • Botnet Callback
  • Incoming and Outgoing Malware
  • Incoming and Outgoing Spyware
  • Incoming and Outgoing - Unscannable Files
  • Incoming and Outgoing Viruses
  • Malicious Content
  • Phishing
Access Control Alerts
  • URL Filtering Blocked Sites
  • Chat File Transfer
  • Social Network Post
  • Streaming Upload
  • Streaming View/Listen
  • Webmail File Attachment
System Alerts
  • Auth Bridge Down
  • LDAP Connection Down
  • LDAP Failure
  • LDAP Success
  • Policy Violation
Comply Alerts
  • Custom Engine Violation
  • GLBA Violation
  • HIPAA Violation
  • PCI Violation

On the Alerts page, you can do the following:

  1. Configure alerts
  2. View a list of all configured alerts. For each alert, you can see the following:
    • Alert Name: Displays the trigger event that generated the alert
    • Alert Class: Displays the class of the event that triggered the alert
    • Triggered By: Displays the number of event occurrences for a given time period
    • Applies To: Displays whether the event applied to the Organization, a Location, a Department, or a User
    • Severity: Displays the severity level of the event (i.e., Critical, Major, Minor, Info, or Debug)
    • Status: Displays whether the alert is enabled or disabled
  3. Edit an alert
  4. Modify the table and its columns
  5. Search for an alert
  6. Click the Global Configuration tab to resend alerts
  7. Click the Publish Alerts tab to specify alert subscriptions for email recipients