Multi Country Authentications for Staff members.
I would like help or advice on how to create a new workflow in InsightConnect using a preconfigured alert in IDR.
The alert in IDR will trigger when a staff members account has been logged into from 2 or more countries within a short period of time. (We currently have staff and students in our AD tree. At the moment, we have an IDR alert for students which just deletes the IDR alert as we don’t want to do anything with these alerts).
what I would like to do is:
When an alert comes in for a STAFF member (using AD authentication), I would like the workflow to trigger, use a templated email then add the staff members name, the IP addresses in the alert and the countries listed in the alert.
Then either automatically send it from a specific email address (a centralised security mailbox) to the staff member or ask for human intervention to check and send the email.
Does anyone have any idea if something like this is possible and how I could go about creating the workflow? I am a complete beginner with this system and have had no formal training so I am winging it!!