What types of alerts will I see out of the box?

Cyral detects a wide range of events that happen on your data endpoints and creates alerts for those you should be aware of. You can view these alerts in the Alerts tab of the Management Console, and you can configure Cyral to send them to your team through a messaging service like Slack or Microsoft Teams, or an incident response service like The Hive.


Below, we list the main types of preconfigured alerts for the most commonly used data repository platforms:


  • Port scan
  • Authentication failure (By default, Cyral sends an alert on the third failure)
  • Create, modify, or delete object: Note that you can view these by object type and by user.
  • Create user account
  • Create role
  • Modify user account
  • Modify auth mechanisms
  • Modify object
  • Modify role
  • Grant/revoke user privileges
  • Grant/revoke role privileges
  • Modify audit and logging
  • Modify configuration settings
  • Privileged commands
  • Full table scan


Alerts will appear in the "Alerts" screen of your Cyral Control Plane and can also be configured to push to Slack, Teams, or other tools. This can be done through the "Integrations" screen in the Cyral Control Plane. 


Additional alerts specific to your environment can be achieved by writing your own Data Access Policies. 


Learn more: Preconfigured Alerts Reference


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.