{"componentChunkName":"component---src-templates-three-columns-js","path":"/docs/monitor-api/monitor101/best-practices-handling-alerts/","result":{"pageContext":{"layout":"threeColumns","contentType":"ContentfulAssemblyGuide","data":{"sidebar":{"metadata":{"type":{"data":"sidebarKey"},"sourceUID":{"data":"57EYtLi7eYEtklU0pSMjGd-en-US"},"source":{"data":"CM"},"title":{"data":"Monitor API "},"version":{"data":""},"titleHref":{"data":"/docs/monitor-api/"},"badgeTextOptions":{"data":{"items":[{"version":{"data":""},"text":{"data":""}}]}}},"data":{"menu":{"items":[{"metadata":{},"data":{"text":{"data":"Overview"},"items":null,"href":{"data":"/docs/monitor-api/"},"icon":{},"secondaryText":{"data":"Overview"}}},{"metadata":{},"data":{"text":{"data":"Monitor API 101"},"items":[{"metadata":{},"data":{"text":{"data":"Events and alerts"},"items":null,"href":{"data":"/docs/monitor-api/monitor101/events-alerts"},"icon":{},"secondaryText":{"data":"Monitor API 101%%%%Events and alerts"}}},{"metadata":{},"data":{"text":{"data":"Tracking data and handling alerts"},"items":null,"href":{"data":"/docs/monitor-api/monitor101/tracking-data-handling-alerts"},"icon":{},"secondaryText":{"data":"Monitor API 101%%%%Tracking data and handling alerts"}}},{"metadata":{},"data":{"text":{"data":"Best practices for handling alerts"},"items":null,"href":{"data":"/docs/monitor-api/monitor101/best-practices-handling-alerts"},"icon":{},"secondaryText":{"data":"Monitor API 101%%%%Best practices for handling alerts"}}},{"metadata":{},"data":{"text":{"data":"Authentication"},"items":null,"href":{"data":"/docs/monitor-api/monitor101/auth"},"icon":{},"secondaryText":{"data":"Monitor API 101%%%%Authentication"}}}],"href":{"data":"/docs/monitor-api/monitor101"},"icon":{},"secondaryText":{"data":"Monitor API 101"}}},{"metadata":{},"data":{"text":{"data":"How-to guides"},"items":[{"metadata":{},"data":{"text":{"data":"Code example launchers"},"items":null,"href":{"data":"/docs/monitor-api/how-to/code-launchers/"},"icon":{},"secondaryText":{"data":"How-to guides%%%%Code example launchers"}}},{"metadata":{},"data":{"text":{"data":"Enable Monitor for your organization"},"items":null,"href":{"data":"/docs/monitor-api/how-to/enable-monitor"},"icon":{},"secondaryText":{"data":"How-to guides%%%%Enable Monitor for your organization"}}},{"metadata":{},"data":{"text":{"data":"Get monitoring data"},"items":null,"href":{"data":"/docs/monitor-api/how-to/get-monitoring-data/"},"icon":{},"secondaryText":{"data":"How-to guides%%%%Get monitoring data"}}}],"href":{"data":"/docs/monitor-api/how-to/"},"icon":{},"secondaryText":{"data":"How-to guides"}}},{"metadata":{},"data":{"text":{"data":"SDKs"},"items":null,"href":{"data":"/docs/monitor-api/sdks/"},"icon":{},"secondaryText":{"data":"SDKs"}}},{"metadata":{},"data":{"text":{"data":"Go-Live"},"items":null,"href":{"data":"/docs/monitor-api/go-live"},"icon":{},"secondaryText":{"data":"Go-Live"}}},{"metadata":{},"data":{"text":{"data":"API reference"},"items":null,"href":{"data":"/docs/monitor-api/reference"},"icon":{},"secondaryText":{"data":"API reference"}}}]}}},"body":{"data":{"contentful_id":"c35dGSebdeIG1EfJq5udT","node_locale":"en-US","name":"Guide Page: Best practices for handling alerts","heading":null,"internal":{"type":"ContentfulAssemblyGuide"},"body":[{"id":"138d3c14-e3fc-5f2c-9504-b2668295650f","contentful_id":"Vw0FFCEpqCiQfestX5Jv7","node_locale":"en-US","heading":"Best practices for handling alerts","headingLevel":1,"sectionId":null,"multicolumn":false,"noBorder":true,"backgroundKind":null,"paddingTop":null,"paddingBottom":null,"html":{"html":"

Docusign Monitor includes pre-built alerts for common types of suspicious activity, and enables you to create custom alerts using the Monitor API. Because alerts can be triggered by malicious or authorized activity, we provide several options so you can appropriately respond to potential threats as they are investigated and resolved.

Sample alert types:

Corrective actions

When an administrator or security operations team receives an alert from Monitor, they should act quickly to investigate the alert and respond appropriately. For example, if a user fails too many consecutive login attempts, an administrator could reset that user’s password—or take one of the following actions:

Close a user's membership

If an account has been flagged as compromised, you can close that account to prevent additional activity while you investigate.

Required privileges: Docusign Administrator, or eSignature Administrator on the same organization account as the user.

To close the account:

    \n
  1. Select Users in the main menu.\n
    2. \n
  2. Select the user from the display.\n
    3. \n
  3. From the Actions menu, select Close.\n
    4. \n

For more information, see Manage eSignature users.

Revoke the user's administrator privileges

If a delegated admin account is flagged as compromised because of suspicious activity, you can revoke admin privileges while you investigate.

Required privileges: Docusign Administrator

To revoke the user's admin privileges:

    \n
  1. From the Docusign Admin dashboard, click Administrators.\n
    2. \n
  2. Locate the administrator you want to remove.\n
    3. \n
  3. From the Actions menu, select Remove.\n
    4. \n
  4. Choose Confirm.
    5. \n
\n\n

Alternatively, you can change the user profile as described in the User Details section in User Management.

Force a password reset

If an account shows signs of suspicious activity, you can notify the account owner and force a password reset to help prevent unauthorized access.

Required privileges: eSignature Administrator on the user's account

To force a password reset:

    \n
  1. Select Users in the main menu.\n
    2. \n
  2. Select the user from the display.\n
    3. \n
  3. From the Actions menu, select Reset Password.
    4. \n
\n\n

For more information, see the Reset User Password section in Manage Users.

Transfer a user's envelopes and templates

If a user account has been compromised, you can transfer their envelopes and templates to a secure user account.

Required privileges: eSignature Administrator on the user's account

To transfer a user's envelopes and templates:

    \n
  1. Select Users in the main menu.\n
    2. \n
  2. Select the user from the display.\n
    3. \n
  3. From the Actions menu, select Transfer Envelopes or Transfer Templates.
    4. \n
\n

For more information, see the Transfer envelopes or templates between users section in Transfer Envelopes or Templates.

Revoke the user's eSignature administrator privileges

If an eSignature admin account is flagged as compromised because of suspicious activity, you can revoke eSignature admin privileges while you investigate.

Required privileges: Docusign Administrator

To revoke a user's eSignature administrator privileges:

\n\n

For more information see the View and manage details for a user section in User Management.

Restore the user's envelopes

If envelopes were transferred from a potentially compromised account, and that account has been cleared after an investigation, those envelopes can be restored to the original user.

Required privileges: eSignature account administrator

To restore a user's envelopes:

  1. Select Docusign eSignature Agreements tab in the main menu.
  2. In the Envelopes section, select Deleted.
  3. Select the deleted envelopes and then move them to the desired folder.
"},"sys":{"type":"Entry"},"internal":{"type":"ContentfulAssemblyHtmlSection"}},{"id":"496ab542-da11-5c94-bffc-d4c83e1801e7","contentful_id":"7odZrFet9XI49uTsJuvVgB","node_locale":"en-US","heading":"Next steps","headingLevel":2,"sectionId":null,"multicolumn":false,"noBorder":false,"backgroundKind":null,"paddingTop":null,"paddingBottom":null,"html":{"html":""},"sys":{"type":"Entry"},"internal":{"type":"ContentfulAssemblyHtmlSection"}}],"sidebar":{"contentful_id":"57EYtLi7eYEtklU0pSMjGd","href":"/docs/monitor-api/","text":"Monitor API ","node_locale":"en-US","badgeTextOptions":null,"items":[{"text":"Overview","href":"/docs/monitor-api/","items":null},{"text":"Monitor API 101","href":"/docs/monitor-api/monitor101","items":[{"text":"Events and alerts","href":"/docs/monitor-api/monitor101/events-alerts","items":null},{"text":"Tracking data and handling alerts","href":"/docs/monitor-api/monitor101/tracking-data-handling-alerts","items":null},{"text":"Best practices for handling alerts","href":"/docs/monitor-api/monitor101/best-practices-handling-alerts","items":null},{"text":"Authentication","href":"/docs/monitor-api/monitor101/auth","items":null}]},{"text":"How-to guides","href":"/docs/monitor-api/how-to/","items":[{"text":"Code example launchers","href":"/docs/monitor-api/how-to/code-launchers/","items":null},{"text":"Enable Monitor for your organization","href":"/docs/monitor-api/how-to/enable-monitor","items":null},{"text":"Get monitoring data","href":"/docs/monitor-api/how-to/get-monitoring-data/","items":null}]},{"text":"SDKs","href":"/docs/monitor-api/sdks/","items":null},{"text":"Go-Live","href":"/docs/monitor-api/go-live","items":null},{"text":"API reference","href":"/docs/monitor-api/reference","items":null}]},"sys":{"type":"Entry"},"isMarkdownButtonField":null}},"references":{"data":{}},"badgeTextOptions":{"data":{"items":[{"version":{"data":""},"text":{"data":""}}]}}},"metadata":{"description":{},"paragraph":{},"ogTitle":{},"ogDescription":{},"ogImage":{"src":{"data":""}},"keywords":{"data":[]},"locale":"en-US","slug":{"data":"/docs/monitor-api/monitor101/best-practices-handling-alerts/"},"title":{"data":"Best practices for handling alerts"},"typographyScheme":{"data":"non-marketing"},"backgroundKind":{"data":null},"updatedAt":{"data":"2023-05-12T16:03:18.256Z"},"createdAt":{"data":"2023-05-12T16:03:18.256Z"},"contentSource":{"data":"CM"}},"sidebarInitialState":{"Overview":{"href":"/docs/monitor-api/","hrefNew":"","icon":"","open":false,"parents":["Overview"]},"Monitor API 101":{"href":"/docs/monitor-api/monitor101","hrefNew":"","icon":"","open":false,"parents":["Monitor API 101"]},"Monitor API 101%%%%Events and alerts":{"href":"/docs/monitor-api/monitor101/events-alerts","hrefNew":"","icon":"","open":false,"parents":["Monitor API 101","Events and alerts"]},"Monitor API 101%%%%Tracking data and handling alerts":{"href":"/docs/monitor-api/monitor101/tracking-data-handling-alerts","hrefNew":"","icon":"","open":false,"parents":["Monitor API 101","Tracking data and handling alerts"]},"Monitor API 101%%%%Best practices for handling alerts":{"href":"/docs/monitor-api/monitor101/best-practices-handling-alerts","hrefNew":"","icon":"","open":false,"parents":["Monitor API 101","Best practices for handling alerts"]},"Monitor API 101%%%%Authentication":{"href":"/docs/monitor-api/monitor101/auth","hrefNew":"","icon":"","open":false,"parents":["Monitor API 101","Authentication"]},"How-to guides":{"href":"/docs/monitor-api/how-to/","hrefNew":"","icon":"","open":false,"parents":["How-to guides"]},"How-to guides%%%%Code example launchers":{"href":"/docs/monitor-api/how-to/code-launchers/","hrefNew":"","icon":"","open":false,"parents":["How-to guides","Code example launchers"]},"How-to guides%%%%Enable Monitor for your organization":{"href":"/docs/monitor-api/how-to/enable-monitor","hrefNew":"","icon":"","open":false,"parents":["How-to guides","Enable Monitor for your organization"]},"How-to guides%%%%Get monitoring data":{"href":"/docs/monitor-api/how-to/get-monitoring-data/","hrefNew":"","icon":"","open":false,"parents":["How-to guides","Get monitoring data"]},"SDKs":{"href":"/docs/monitor-api/sdks/","hrefNew":"","icon":"","open":false,"parents":["SDKs"]},"Go-Live":{"href":"/docs/monitor-api/go-live","hrefNew":"","icon":"","open":false,"parents":["Go-Live"]},"API reference":{"href":"/docs/monitor-api/reference","hrefNew":"","icon":"","open":false,"parents":["API reference"]}}}},"staticQueryHashes":["1046005517","1065676990","1243170842","1300267169","2141122023","3694524098","3727211561","4014647711","4032413523","791459392"]}