FAQ: Device Monitoring and Alerting

Device Monitoring and Alerting provides you the ability to monitor the device fleet and key directory changes in near real time, so you can quickly identify and respond to issues that need attention. The following is a list of commonly asked questions about Alerts.

What devices are supported with Device Monitoring and Alerting?

macOS, Windows, and Linux devices compatible with the Agent are supported. Mobile devices are not currently supported.

How frequently are alerts checked and generated?

Alert frequency depends on the rule type. Alert rules based on directory changes or Agent actions are reported immediately, while other system-level checks occur at regular intervals. The UI shows the update interval in the rule details as well as in the alerts generated.

Can I receive notifications for alerts via email or other channels?

Currently, alerts can be viewed and managed within the admin console only. External notifications like email and Slack are on the roadmap for future releases.

Can alerts be integrated with external ticketing systems?

Ticketing integrations will be considered for future releases.

Can alert rules be applied to specific device groups?

Device group targeting differs based on the types of alert rules:

  1. For alerts based on Agent activity (e.g., command execution, policy application, software installation), the rules automatically target the device or device groups bound with the underlying objects. This means the scope of the rules will be the same as the devices or groups bound to the associated commands, policies, or software deployments.
  2. For alerts based on other system metrics or state (e.g., disk usage, user-initiated software changes, system availability), you will have the ability to target the rules to specific device groups.

How does custom script-based monitoring work?

Custom script-based monitoring involves creating specific scripts that can be scheduled to run through the Commands module. Administrators can link these scripts to command-monitoring rules. If a script exits with a non-zero exit code, it triggers an alert. This setup allows for flexible and tailored monitoring rules.
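
One script that follows this exit-code contract, as an added example that is not vendor-supplied code: it checks two sshd_config directives and exits non-zero when either is not explicitly set to no. The function names, the choice of directives, and treating an unset directive as a failure are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): a custom check that follows the exit-code
# contract above. Exit 0 = healthy; any non-zero exit = failed check.

# Print the effective value of keyword $2 in sshd_config file $1.
# sshd uses the first occurrence of a keyword and ignores keyword case.
# Assumptions: "Keyword value" syntax only; Include files and Match blocks
# are not evaluated (parsing stops at the first Match line).
sshd_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Return 0 when both directives are explicitly "no", 1 when either is not,
# 2 when the file cannot be read. An unset directive counts as a failure
# (assumed policy: hardening must be explicit, not inherited from defaults).
check_sshd() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf" >&2
        return 2
    fi
    failed=0
    for key in PermitRootLogin PasswordAuthentication; do
        value=$(sshd_value "$conf" "$key")
        if [ "$value" != "no" ]; then
            echo "FAIL: $key is '${value:-unset}', expected 'no'" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run only when a config path is given, e.g.: sh check_sshd.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then
    check_sshd "$1"
    exit $?
fi
```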

Why am I not receiving alerts for a policy or script that keeps failing?

Alerts are triggered only when a policy or script fails for the first time, indicating a change from a previously successful state or a failure on the initial run of a new script/policy. Once an alert has been generated, repeated failures will not produce additional alerts.

Will this feature help replace our dedicated endpoint security solutions?

While our monitoring provides valuable insights, it's designed as a monitoring and alerting solution rather than a dedicated security tool. It may complement but not fully replace specialized security software.

How long are alerts retained?

Alerts are retained for 30 days, irrespective of their Status. After this period, they are removed from the alerts dashboard.

Are changes to monitoring rules or alerts logged?

Yes, all changes to alert rules and triggered alerts are logged in Directory Insights under a new service called Alerts. Look for events such as rule_config_created and alert_created, among others.

Can I filter or search alerts in the UI?

Yes, you can filter and search for alerts by type, priority, or time range. You can also sort them as needed.

Where can I find the legacy alerts previously available via the bell icon?

Legacy alerts can be accessed using the Legacy Alerts option at the top right corner of the alerts page.
