Proofpoint | ObserveIT On-Premises Insider Threat Management

System Events

System events are triggered by the ObserveIT system. Events might be triggered when users reach their database storage limits, when a user logs in or when a pairing request is made, or during the health check monitoring of the Agent, Notification Service, Application Server, or Web Console.

For example, when ObserveIT Identity Theft Detection is configured, administrators can verify that users are authorized to log in from the specified (client) computers and to the specified servers. After a user logs in to a server from the desktop, the ObserveIT administrator sends an email to the user confirming the login and event type. If identity theft is suspected, the user reports the suspicious login event to the administrator and a high severity alert is triggered.

ObserveIT administrators can view and manage system events from the Configuration page in the Web Console.

The System EventsSystem Health > System Events page displays a list of the currently defined system events, according to the specified severity and filter criteria.

In the System Events page, administrators can:

For descriptions of the event types, and some possible causes and solutions, see Event Types.

version 7.13.2