Nortel CallPilot Administrator's Manual page 107

Alarms that can be generated
The following alarms are generated whenever a logon or thru-dial attempt
originates from a monitored CLID:
Event number
55750
55751
55752
55753
55754
55755
How to respond to alarms
If a specific mailbox is being targeted, determine if the mailbox is in use.
•
•
Monitoring options
You can monitor
•
•
•
To monitor CLIDs
Step
1
2
3
Copyright © 2007, Nortel Networks
.
Monitoring internal and external activity by calling line ID 107
Description
Successful login to a mailbox from a DN monitored by
Hacker Monitor.
Failed login attempt to a mailbox from a DN monitored
by Hacker Monitor.
A thru-dial attempt was successful from a mailbox that
is monitored by Hacker Monitor.
A thru-dial attempt was unsuccessful from a mailbox
that is monitored by Hacker Monitor.
A thru-dial attempt was successful from inside an
Application Builder application.
A thru-dial attempt was unsuccessful from inside an
Application Builder application.
If the mailbox is being used, inform the user and ask him or her to
change the mailbox password immediately.
If the mailbox is unused, delete it immediately.
all CLIDs for suspicious behavior, or you can specify certain CLIDs to
be monitored
logon or thru-dial attempts
for the entire day, or for a specified time period
Action
On the CallPilot Manager toolbar, select Messaging > Security
Administration.
Under the CLIDs section, click the checkbox Monitor CLIDs for All
Mailbox Logins and all Thru-Dials on the System.
Result: The Add and Delete buttons are enabled.
Select the times when you would like the Hacker Monitor active.
Nortel CallPilot
Administrator Guide
NN44200-601 01.11 Standard
5.0 9 November 2007