Events, alerts, and reports

Deep Security has multiple ways to monitor important events.


Deep Security agents record when a protection module rule or condition is triggered (a "security event"). Agents and Deep Security Manager also record when administrative or system-related events occur (a "system event", such as an administrator logging in, or agent software being upgraded.)

Event data is used to populate reports and graphs in Deep Security Manager. For details, see Events in Deep Security.


Alerts are created when a situation arises that requires your attention (such as an administrator-issued command failing, or a hard disk running out of space). Deep Security includes a pre-defined set of alerts. Additionally, when you create protection module rules, you can configure them to generate alerts if the rules are triggered. Alerts can be viewed on the dashboard, and you can also receive notifications by e-mail, Amazon SNS, and SNMP. For details, see Alerts in Deep Security.


Deep Security Manager can generate reports in PDF or RTF formats. Most of the reports have configurable parameters, such as date range or reporting by computer group. For details, see Generate reports for alerts and other activity.