last person joined: 11 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass Insight Alert Help

This thread has been viewed 6 times
  • 1.  Clearpass Insight Alert Help

    Posted Mar 13, 2015 11:26 AM
      |   view attached

    I am trying to write an alert in Insight that generates an email each time a user fails RADIUS authentication in ClearPass.  I have it working with two issues.

    1:  It only generates an email every ten minutes listing all the failed auths in the last 10 minutes.  I would like to generate 1 email per failure.


    2:  In the email I receive, it lists  date, time, username, and error code (user auth failure).  What I would ideally like is for it to be able to pull some more of the attributes from the Radius message and tell me the device it failed on, and the field in "Computed Attributes" for "Connection:Client-Mac-Vendor"


    Is any of this possible?  Attached is a screenshot of my alert as written.  Any help is greatly appreciated.


    Thank you!



  • 2.  RE: Clearpass Insight Alert Help

    Posted Jun 22, 2015 10:38 AM



  • 3.  RE: Clearpass Insight Alert Help

    Posted Oct 15, 2016 02:10 PM

    Hi teksup9599, 


    have you managed to find answers to your questions?


    I am trying to do similar thing, send 1 email for each Posture check that has Quarantine status. When i set threshold 1 in 1minute and there is not so much logs we can say that we get 1 email for 1 event. But sometimes we get multiple events in one email.


    Also, in email we currently get only MAC address of the device but we would need at least Hostname and Posture check that is not Healthy.




  • 4.  RE: Clearpass Insight Alert Help

    Posted May 26, 2021 07:04 PM
    Hi guys,

    Have you guys managed find a way for this sttngs? I have gone through all the available option for it but it doesnt seems to have any option available for live alerts

    Wenjie Teng