SQL Compliance Manager can generate an event alert when it finds a suspicious event in your audit data. Alert rules define what a suspicious event is and how SQL CM should respond. For example, you can create a rule to alert on DML events that occur on a sensitive database. You can configure SQL CM to write a custom alert message to the application event log and send an alert email notification to your corporate and personal SMTP accounts when the alert is triggered. For more information, see Use Event Alerts to analyze audit data.
SQL Compliance Manager only alerts on the events you select for an audited SQL Server instance or database. After the Collection Server processes the raw event data sent by the SQLcompliance Agent, the Collection Server uses the criteria defined by your alert rules to search for suspicious events. When a matching event is found, the alert is triggered. If you specified a message for this alert, SQL CM saves the alert message in the SQLcompliance Repository database. You can view alert messages and the corresponding events using the Event Alerts tab on the Select SQL Server Instance view.
Depending on the amount of alert activity your environment generates, you may want to groom alert messages on a routine basis. For more information, see Groom alerts from Repository.