Merging rules for Portnox Cloud alerts

In this topic, you will find out when Portnox Cloud alerts are merged together into a single compound alert.

Alert | Time | Number |
---|---|---|
802.1X access attempt denied. LDAP account not found in CLEAR repository and LDAP autoenrollment disabled | 30 minutes | 30 |
802.1X access attempt denied - AD account is expired | 10 minutes | 10 |
802.1X access attempt denied - AD account is locked out | 10 minutes | 10 |
802.1X access attempt denied - AD account password is expired | 10 minutes | 10 |
802.1X access attempt denied because 'Device Requirement' option is not followed | 10 minutes | 10 |
802.1X access attempt denied due to expired credentials | 10 minutes | 10 |
802.1X access attempt denied due to Google Workspace account misconfiguration | 10 minutes | 10 |
802.1X access attempt denied due to missing credentials | 10 minutes | 10 |
802.1X access attempt denied due to missing supplicant certificate | 10 minutes | 10 |
802.1X access attempt denied due to supplicant certificate untrusted | 10 minutes | 10 |
802.1X access attempt denied due to unsupported authentication type | 10 minutes | 10 |
802.1X access attempt denied due to wrong credentials | 10 minutes | 10 |
802.1X access attempt denied to unauthorized SSID | 10 minutes | 10 |
802.1X wired access attempt denied | 10 minutes | 10 |
802.1X wired access attempt denied due to forbidden authentication type | 10 minutes | 10 |
802.1X wireless access attempt denied due to forbidden authentication type | 10 minutes | 10 |
Access denied since Directory Broker does not respond | 10 minutes | 10 |
Access denied - user name ambiguous | 10 minutes | 10 |
Access is denied due to the organization exceeding its subscription plan quota | 30 minutes | 10 |
Access requests become to be served by CLEAR Cloud service | 3 minutes | 5 |
Access requests become to be served by Local RADIUS service | 3 minutes | 5 |
Access to 802.1X denied - access has been blocked by Azure Conditional Access policies | 10 minutes | 10 |
Access to 802.1X denied - account is not found | 10 minutes | 10 |
Access to 802.1X denied - agentless access is disabled | 10 minutes | 10 |
Access to 802.1X denied by Administrator | 10 minutes | 10 |
Access to 802.1X denied due to device blocked | 10 minutes | 10 |
Access to 802.1X denied due to policy violation | 10 minutes | 10 |
Access to 802.1X denied - total amount of allowed devices per-account is reached | 10 minutes | 10 |
Access to VPN denied - agentless access is disabled | 10 minutes | 10 |
Account's certificate has expired | 30 minutes | 30 |
Account's certificate is about to expire | 30 minutes | 30 |
Account's certificate was revoked | 1 hour | 10 |
Account blocked by admin | 2 minutes | 25 |
Activation code have expired | 10 minutes | 10 |
Activation code reached attempts limits | 10 minutes | 10 |
Admin credentials expiring | 10 minutes | 10 |
AgentP firmware update has occured | 10 minutes | 10 |
Applications export was successfully completed | 10 minutes | 10 |
Application version changed | 3 hours | 30 |
Authentication with unrecognized LDAP domain name | 30 minutes | 10 |
Azure membership validation failed | 3 hours | 30 |
Device's client certificate has expired | 10 minutes | 10 |
Device enrollment failed due to problems with LDAP account | 1 day | 12 |
Device has become archived | 10 minutes | 10 |
Device has changed enrollment status | 1 hour | 10 |
Device has changed its device fingerprint | 1 hour | 10 |
Device is unauthorized azure computer | 3 hours | 30 |
Device is unauthorized domain computer | 3 hours | 30 |
Device jailbroken | 3 hours | 30 |
Device joined Azure Active Directory | 10 minutes | 10 |
Device joined LDAP Directory domain | 10 minutes | 10 |
Device roaming status changed | 3 hours | 30 |
Device was blocked due to changed device fingerprint | 1 hour | 10 |
Device was blocked due to excessive activity | 30 minutes | 30 |
Device was removed during LDAP directory synchronization | 6 hours | 10 |
Device was successfully validated as azure member | 3 hours | 30 |
Device was successfully validated as domain member | 3 hours | 30 |
Directory Broker machine requires update | 6 hours | 10 |
Domain membership validation failed | 3 hours | 30 |
Evaluation period is about to expire | 1 day | 12 |
External sign in success | 10 minutes | 10 |
Failed to enroll device in unattended mode | 30 minutes | 10 |
Google Workspace integration is not configured properly | 6 hours | 10 |
Guest authentication failed | 10 minutes | 10 |
Guest authentication failed because guest account not found | 10 minutes | 10 |
Guest authentication failed due to organization license | 10 minutes | 10 |
Guest authentication success | 10 minutes | 10 |
Guest forbidden attempt to access employees wireless network | 10 minutes | 10 |
Host file info was changed | 3 hours | 30 |
Intune device obtains status 'Compliant' | 3 hours | 30 |
Intune device obtains status 'Non-Compliant' | 3 hours | 30 |
Intune synchronization completed | 3 minutes | 5 |
Intune synchronization failed | 1 day | 12 |
Jamf synchronization completed | 10 minutes | 10 |
Jamf synchronization failed | 10 minutes | 10 |
LDAP directory trust is broken | 6 hours | 10 |
Local user account(s) on the device changed group membership | 2 minutes | 25 |
Local user account(s) were deleted from the device | 2 minutes | 25 |
MAC bypass denied | 30 minutes | 30 |
NAS was added to CLEAR | 6 hours | 10 |
New application was installed on the device | 3 hours | 30 |
New certificate was installed on the device | 3 hours | 30 |
New Intune device was enrolled | 3 hours | 30 |
New peripheral device was attached to the device | 3 hours | 30 |
New port was opened on the device | 3 hours | 30 |
New SIM card was inserted in the device | 3 hours | 30 |
Okta access attempt denied due to access by not enrolled device | 10 minutes | 10 |
Okta access denied by Administrator | 10 minutes | 10 |
Okta access denied due to missing device policy | 10 minutes | 10 |
Okta access denied due to policy violation | 10 minutes | 10 |
Okta access not allowed by group settings | 10 minutes | 10 |
Okta authentification success | 10 minutes | 10 |
Okta connection not allowed for the device | 10 minutes | 10 |
Okta Directory synchronization completed | 1 day | 12 |
OKTA RADIUS forbidden attempt to access with expired credentials | 10 minutes | 10 |
OS version changed | 3 hours | 30 |
OTP access attempt denied due to expired token | 10 minutes | 10 |
OTP access attempt denied due to missing token | 10 minutes | 10 |
OTP access attempt denied due to wrong token | 10 minutes | 10 |
Portnox Conditional Access for Applications authentication success | 6 hours | 10 |
Portnox Conditional Access for Applications Perpetual Policy Enforcement has failed to perform an action | 1 hour | 5 |
Portnox Conditional Access for Applications Perpetual Policy Enforcement has performed an action | 1 hour | 5 |
Preventive action executed | 3 hours | 30 |
RADIUS failed to authenticate device against CLEAR services | 10 minutes | 10 |
RADIUS failed to authenticate device due to unsupported authentication type | 10 minutes | 10 |
RADIUS forbidden attempt to access with expired credentials | 10 minutes | 10 |
RADIUS forbidden attempt to access with wrong SharedSecret for organization | 1 hour | 30 |
Synchronization with Google Workspace successfully completed | 1 day | 12 |
TACACS+ access attempt denied due to sites restrictions. Command-based attribute was not detected | 1 hour | 10 |
TACACS+ access attempt denied due to sites restrictions. Command-based rule was not detected | 1 hour | 10 |
TACACS+ access attempt denied due to sites restrictions. NAS was not detected | 1 hour | 10 |
TACACS+ access attempt denied due to sites restrictions. Session attribute was not detected | 1 hour | 10 |
TACACS+ access attempt denied due to sites restrictions. Session rule was not detected | 1 hour | 10 |
TACACS+ access attempt denied due to wrong credentials | 1 hour | 10 |
TACACS+ access denied - account is not found | 10 minutes | 10 |
TACACS+ accounting | 30 minutes | 10 |
TACACS+ authentication attempt denied due to access has been blocked by Azure Conditional Access policies | 1 hour | 100 |
TACACS+ authentication attempt denied due to account ambiguities. | 1 hour | 100 |
TACACS+ authentication attempt denied due to blocked by admin account | 1 hour | 100 |
TACACS+ authentication attempt denied due to expired account | 1 hour | 100 |
TACACS+ authentication attempt denied due to license limitation | 1 hour | 100 |
TACACS+ authentication attempt denied due to MFA timeout | 1 hour | 100 |
TACACS+ authentication attempt denied due to MFA verification failure. Account is not onboarded | 1 hour | 100 |
TACACS+ authentication attempt denied due to MFA verification failure. Azure AD user must enroll in MFA to access | 1 hour | 100 |
TACACS+ authentication attempt denied due to MFA verification failure. Azure AD user must perform MFA to access | 1 hour | 100 |
TACACS+ authentication attempt denied due to MFA verification failure. Azure AD user must refresh MFA to access | 1 hour | 100 |
TACACS+ authentication attempt denied due to MFA verification failure. There are no suitable devices to process | 1 hour | 100 |
TACACS+ authentication attempt denied due to MFA verification interruption. Azure AD user must enroll in MFA to access | 1 hour | 100 |
TACACS+ authentication attempt denied due to MFA verification interruption. Azure AD user must perform MFA to access | 1 hour | 100 |
TACACS+ authentication attempt denied due to missing TACACS+ policy mapping | 1 hour | 100 |
TACACS+ authentication attempt denied due to password reset requirements. | 1 hour | 100 |
TACACS+ authentication attempt denied due to rejected MFA | 1 hour | 100 |
TACACS+ authentication attempt denied due to server error | 1 hour | 10 |
TACACS+ authentication success | 10 minutes | 10 |
TACACS+ authorization attempt denied due to account ambiguities. | 1 hour | 100 |
TACACS+ authorization attempt denied due to blocked by admin account | 1 hour | 100 |
TACACS+ authorization attempt denied due to expired account | 1 hour | 100 |
TACACS+ authorization attempt denied due to license limitation | 1 hour | 100 |
TACACS+ authorization attempt denied due to MFA timeout | 1 hour | 100 |
TACACS+ authorization attempt denied due to MFA verification failure. Account is not onboarded | 1 hour | 100 |
TACACS+ authorization attempt denied due to MFA verification failure. There are no suitable devices to process | 1 hour | 100 |
TACACS+ authorization attempt denied due to missing TACACS+ policy mapping | 1 hour | 100 |
TACACS+ authorization attempt denied due to rejected MFA | 1 hour | 100 |
TACACS+ authorization attempt denied due to server error | 1 hour | 10 |
TACACS+ authorization success | 10 minutes | 10 |
TACACS+ command-based connection not allowed for the account | 10 minutes | 10 |
TACACS+ service connection not allowed for the account | 10 minutes | 10 |
The evaluation period has expired | 10 minutes | 10 |
The Portnox Directory Broker is active | 6 hours | 10 |
The Portnox Directory Broker is dormant | 6 hours | 10 |
The Portnox Directory Broker is misconfigured | 6 hours | 10 |
The Portnox Directory Broker is offline | 6 hours | 10 |
The Portnox Private Access Application is down | 6 hours | 10 |
The Portnox Private Access Application is up | 6 hours | 10 |
The Portnox Private Access Gateway is active | 6 hours | 10 |
The Portnox Private Access Gateway is not reporting | 6 hours | 10 |
Unable to create account. LDAP autoonboarding disabled | 30 minutes | 30 |
Unable to enroll a new device | 30 minutes | 10 |
Unable to enroll a new device due to organization enroll settings | 7 days | 100 |
Unable to enroll a new device due to organization subscription expiration | 30 minutes | 10 |
Unattended enrollment: reached maximum number of devices | 1 hour | 100 |
User repository synchronization is pending | 1 day | 4 |
VPN access attempt denied - AD account is locked out | 10 minutes | 10 |
VPN access attempt denied - AD account password is expired | 10 minutes | 10 |
VPN access attempt denied due to access by not enrolled device | 10 minutes | 10 |
VPN access attempt denied due to AgentP strong factor validation | 10 minutes | 10 |
VPN access attempt denied due to AgentP strong factor validation timeout | 10 minutes | 10 |
VPN access attempt denied due to forbidden authentication type | 10 minutes | 10 |
VPN access attempt denied due to MFA verification failure. There are no suitable devices to process | 10 minutes | 10 |
VPN access attempt denied due to no managed devices found to validate risk score | 10 minutes | 10 |
VPN access attempt denied due to sites restrictions violation | 1 hour | 10 |
VPN access attempt denied due to supplicant certificate invalid | 10 minutes | 10 |
VPN access attempt denied due to supplicant certificate issuer untrusted | 10 minutes | 10 |
VPN access attempt denied due to supplicant certificate untrusted | 10 minutes | 10 |
VPN access attempt denied due to unsupported authentication type | 10 minutes | 10 |
VPN access attempt denied due to wrong configuration | 10 minutes | 10 |
VPN access attempt denied due to wrong credentials | 10 minutes | 10 |
VPN access denied - account is not found | 10 minutes | 10 |
VPN access denied by Administrator | 10 minutes | 10 |
VPN access denied - device not found | 10 minutes | 10 |
VPN access denied due to missing device policy | 10 minutes | 10 |
VPN access denied due to policy violation | 10 minutes | 10 |
VPN access denied - user name ambiguous | 10 minutes | 10 |
VPN authentication success | 10 minutes | 10 |
VPN connection not allowed for the device | 10 minutes | 10 |
Wi-Fi provisioning failed for device | 6 hours | 100 |