Pre-configured alerts are designed to help you get immediate value without needing to build alerts from scratch. They provide coverage across key risk, security, and usage scenarios so you can quickly start monitoring your environment.
Available Pre-Configured Alerts
The following alerts are available out of the box:
New App Discovered
Triggers when a previously unseen application with critical risk is actively used within the environment, identified through SSO logs, browser activity, or other ASM discovery methods. Enables rapid identification of shadow IT, shadow AI and unauthorized SaaS adoption.
Identity Management Integration Failure
Triggers when the Microsoft Entra or Google Workspace identity management integration fails, disrupting users sync and security event ingestion from the identity provider.
New Shared Credentials Found in Use
Triggers when multiple users are newly detected using the same login credential to access an application, which poses security risks and makes it difficult to track individual user activity.
New Service Credentials Found in Use
Triggers when a new service account credential (e.g., support@example.com, administrator@example.com) is detected in the environment, helping identify unmanaged access, reduce security risk, and maintain access governance.
New Personal Credentials Found in Use
Triggers when a new account using a non-organization domain (e.g., personal email) is detected in the environment, helping identify shadow IT and reduce risk from non-work software usage.
New Application Usage by User
Triggers when an individual user begins using an application in an unapproved, decommissioned, or decommissioning lifecycle stage, helping track potential unauthorized software usage.
Vendor Incident - Discovered App
Triggers when a vendor reports a security incident, data breach, or vulnerability impacting an application that has been discovered in your environment, enabling rapid risk assessment and mitigation.
Default Settings
Pre-configured alerts are marked as “Created by: System” and come with flexible default settings:
- Disabled by default → You control which alerts to activate and when
- Weekly delivery → Alerts are batched and sent weekly
- Partner managed → Created at the Partner level to cover all managed clients
- Preset conditions → Conditions are preselected based on recommended settings for a quick start
- Destination:
- Sent to Support Inbox (if configured)
- If not configured, sent to Partner Admins
Enable Pre-Configured Alerts
Only users with Default Admin or Client Admin permissions can enable alerts.
- On the Partner level, navigate to Alerts from the left panel
- Click Manage Alerts
- Locate the system-created alerts and select the ones you want to enable
- Use the Enable action
Once enabled, the alert will begin monitoring activity based on its configuration.
Setting Up a Support Inbox
To configure a Support Inbox for alert delivery:
- On the Partner level, navigate to Org Preferences from the left panel
- Select Integrations
- Scroll down to Support Inbox and click Configure
- Check the Enable box
- Enter the email address that will receive alerts
- Click Save Settings
Once configured, this inbox will be used as the default destination for pre-configured alerts.
Getting the Most Out of Alerts
- Start by enabling alerts that align with your security priorities (e.g., credential usage, critical risk apps)
- Adjust delivery settings if weekly notifications are too infrequent for certain alerts
- Update alert destinations to ensure the right stakeholders are notified
- Clone an alert to create variations with different conditions that align with your goals
- Regularly review triggered alerts and acknowledge them to track progress