I tried putting both risks in the same job at first, but then it started flagging Alerts for all Critical Actions, not just the two I had entered.

Plus, they now want to handle mitigated users differently for these two risks. On one they want to include mitigated users and on the other they want to exclude, so I can't put them in the same job.

So, gets back to my original question about having multiple Alert jobs.

Thanks.

I've found out a few things:

1 - There is a problem with putting multiple risks in the same Alert job. If you build a Critical Actions Alert job with multiple individual risks, it stores an '*' for this risk id instead of the individual risks and you end up running an Alert for all risks. Using a range of risks seems to work correctly. (This has been called in to SAP Support.)

2 - You cannot build two separate Alert jobs for the same system. Each run of an Alert job retrieves transaction information that occurs from the last time an Alert job was run, and the job only looks at the information that was captured on that run. So if you have an Alert for RISK1 that runs at 1 AM, and another Alert for RISK2 that runs at 2 AM, the RISK2 job only looks at activity that occurred between 1 AM and 2 AM.

3 - You can build an Alert job for multiple risks (as long as you use a risk range, see 1), but the "Consider mitigated users" setting applies to all of the risks for that job. My problem here is that the users want to show both mitigated and unmitigated users for one risk, but then only want to show unmitigated users for the other risk.

Anybody have any ideas on how I could generate the Alerts for these two risks? I've haven't been able to think of a way around the issues mentioned above.

Thanks.

Hi good evening.

I have the same problem like you.

I have severeal Critical risks and I have to notify a group of them by sending an email. I followed your steps but these steps didn´t help me.

I´ll tell you how was my procedure:

1) First of all, I selected the system and then I clicked on Critical Actions, after that, I deleted the * from the Risk Id box. Next, I pressed on the arrow icon. Once the new window had emerged, I deleted the row with * frorm the first tab, therefore I clicked on the Range tab, and filled the rows with the wanted critical risks.

After all, I checked the Critical Actions box from the bottom (Alert Notification) and scheduled the job.

But finally, I received emails from those Critical risks that I wouldn´t have to receive any notification.

2) Other procedure that I made, was. Consider the mitigated users in those risks that I wont received emails. To do this, previously I mitigated that kind of risks (those risks that I wont receive emails). Back to the Alert Configuration job, I checked the Consider Mitigation Users from the Critical Actions, and in the Critical Risk box I put a * .

But like in the previous procedure I still have emails and the most controversial thing was that in the parameters of the job I saw that the option of CRIT_CONS_MIT-USER has false value and CONF_CONS_MIT-USER as true.

For these reasons, do you know everything related with these problem?. Could be a GRC´s configuration problem?

Finally I would be delighted with some response about it.