Trigger Email alert for Authentication Failure from Insight

MVP Expert
MVP Expert
Requirement:
  • Insight should be enabled
  • SMTP Gateway should be configured
  • CPPM will require outbound access to the SMTP gateway through None/SSL/StartTLS port.
     


Solution:

We can use ClearPass Insight to create alerts to trigger email/sms based on the filters available in the module.



Configuration:

Enabling Insight:
1. Login to the Publisher (Policy Manager) and navigate to Administration -> Server Manager -> Server Configuration 

2. Select the Publisher or Subscriber node where Insight and Insight Master needs to be enabled.

3. Select "Enable Insight" and "Enable as Insight Master"

 

 

Configuring SMTP:

4. Configure email gateway in Policy Manager -> Administration -> External Servers -> Messaging Setup.

 

Configuring Alerts:

5. Navigate to Insight Master (Publisher/Subscriber) -> Alerts -> Create New Alert

    Configure Alert Name, Category, Notify by Email, Filter and Trigger option.

    Threshold: Number of Authentication

    Interval: Time interval
   


    
 

 



Verification

1. Policy Manager -> Monitoring -> Live Monitoring -> Access Tracker shows the number of failed Authentication.

 

1. Navigate to Insight -> Alerts to check the recent alerts triggered from Insight module.


 

2. Sample email alert.

 

3. The alert will also be logged in the server logs under \PolicyManagerLogs\insight\insight.log.

2019-02-27 05:52:57,306 INFO   Alert [Authentication Failure] compute begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:52:57,306 INFO   Alert [Authentication Failure] hitcount3) begin_dt2019-02-27 05:45:00+05:30
2019-02-27 05:53:00,177 INFO   Alert [Authentication Failure] email done
2019-02-27 05:55:04,134 INFO   [al_auth_status]      [2019-02-27 05:40:04.126806+05:30] -> [2019-02-27 05:55:04+05:30] [134 ms

Version history
Revision #:
2 of 2
Last update:
‎05-22-2019 11:50 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: