Alert Assignment Settings

LightBeam Playbooks Alerts 2.1 introduces flexible alert assignment settings that allow administrators to determine how sub-alerts are assigned to users. Administrators can configure whether sub-alerts should be assigned to the Data source Owner or the Object Owner (if supported by the data source).

Let's consider the following example to understand the alert assignment settings:

The image above displays the details of an "Access Policies: Redoing the Policies selecting all DSAcne-Gdrive" alert. It provides the following information:

• The "Assignee" field indicates that the alert is assigned to 2 people: [email protected] and [email protected].

• The "Object Owner" is [email protected] .

To make the Object Owner the default Alert Owner, follow these steps:

Configuring Alert Assignment Settings

1. From the LightBeam Playbooks screen, click on the "Policies" option in the left sidebar.

1. In the "Policies" section, locate the "Access Policies: External Access" rule set.

1. Click on the "Redoing the Policies selecting all DS" rule set.

1. Access Policies: External Access Screen

The "Access Policies: External Access" screen displays the existing rule sets for the selected policy type.

The rule set is currently enabled and set to generate alerts with a "Warning" severity level.

Alerts will be assigned to the respective datasource owners and additional members specified ([email protected]).

Click on the "VIEW / UPDATE" button to modify the rule set settings.

1. Set Alert & Regulation

In the "Alert Settings" section, you can Enable or Disable alerts.

In the Alert Assignment Settings section, choose between two options for alert assignment:

• Data Source Owner: Sub-alerts will be assigned to the owner of the data source where the alert originated.

• Object Owner: Sub-alerts will be assigned to the owner of the specific object (e.g., file, folder) within the data source, if the data source supports object-level ownership.

If "Object Owner" is selected but the data source does not support object-level ownership (e.g., S3), the sub-alerts will be assigned to the data source owner as a fallback.

1. In the next screen, you can customize the alert generation criteria.

• Set the desired "Sensitivity" level (e.g., "High").

• Input the number of attributes (e.g., 4) to generate an alert based on the attribute combination.

• Set the "Severity Level" (e.g., "Warning").

1. The "Associated Regulations" section shows the "GDPR" regulation associated with this rule set. Review the settings and click on the "Next" button to proceed.

1. This is the final step for configuring the rule set.

• Users can optionally set automation for data sources.

• Rule set details are displayed for review.

1. Once reviewed, click on "Save & Close" to save the rule set configuration.

This screen displays a success message, "Policy successfully updated," indicating that the rule set configuration changes have been successfully applied to the system.

Verifying Alert Assignment Changes

To verify that the alert assignment changes have been applied as intended, administrators can navigate back to the alert details screen for the specific rule set.

The "Assignee" column now displays the email addresses of the respective object owners for each listed object or file. In this case, [email protected] is shown as the assignee for all objects, reflecting the successful implementation of the new alert assignment settings.