Advanced Alerts
Advanced alerts allows you to receive notifications for security and operational events. The notification is sent through preferred communication channels configured in Playblocks:
-
SMS
-
Email
-
Slack
-
Microsoft Teams
|
|
Notes -
|
Configuring Advanced Alerts
-
Go to Endpoint Settings > Alerts > Advanced Alerts.
-
Select an alert.
-
In the right pane:
-
Turn on the Off toggle button.
-
From the Profile name list, select a notification profile.
Note - The system automatically displays the notification profiles created in Playblocks.
-
In the Thresholds tab, configure the threshold parameters for the alert:
Alert Title Alert Description Threshold (Minimum number to trigger the action)
Security Alerts
Alert on a phishing attempt detected by Endpoint Security
The automation notifies upon detection of phishing attack. -
Severity (Minimum) - Select minimum severity level of the event to initiate the alert.
-
Count events in time duration
-
Threshold (minimum number of events)
-
Threshold (minimum number of events)
Alert on exploit attempt detected by Endpoint Security
The automation notifies upon detection of exploit attack. Alert on access to malicious site detected by Endpoint Security
The automation notifies upon detection of access to malicious sites. Alert on password reuse attempt detected by Endpoint Security
The automation notifies upon reuse of the password. -
Count events in time duration
-
Threshold (minimum number of events)
-
Threshold (minimum number of events)
Alert on malicious file detected by Endpoint Security
The automation notifies upon detection of malicious files. -
Attack status - Status of attack that must be considered for the alerts
-
Severity (Minimum) - Select minimum severity level of the event to initiate the alert
-
Count events in time duration
-
Threshold (minimum number of events)
-
Threshold (minimum number of events)
Alert on ransomware attack detected by Endpoint Security
The automation notifies upon detection of ransomware attack. Notify on bulk uninstallation of Endpoint Security clients
The automation notifies upon uninstallation of Endpoint Security clients on number of devices.
-
Number of uninstalled Endpoint Security clients
-
In time duration
Notify on Endpoint Security client uninstall password change
The automation notifies upon change in Endpoint Security client uninstall password.
None
Notify on repeated login failures to user Windows device
The automation notifies upon detecting repeated login failures by the user on Windows devices.
-
Number of repeated failed login attempts
-
Select Count failures for each user individually to count the failures for each user individually
-
In time duration
Operational Alerts
Alert if Endpoint Security client capabilities stop running
The automation notifies if one or more capabilities on the Endpoint Security client stops running or the client is unable to report the capability status. -
Number of devices found with this event
-
Notify on alert activation
-
Notify on alert resolution
-
Remind every (Minutes) - Set interval for reminder notifications
For example, If the threshold for number of devices with this event is set to 5, an automated alert will be sent once the event occurs in at least five endpoints.
Alert on Endpoint Security deployment failure
The automation notifies if the Endpoint Security Client deployment failed on the device. Alert if the device is not scanned by the Endpoint Security Anti-Malware capability
The automation alerts if the device was not scanned by Endpoint Security Anti-Malware 
A component of the Endpoint Security client that protects against known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. since the specified duration. Notify on device restrictions by Endpoint Security
The automation notifies upon the device restrictions initiated by the Endpoint Security Compliance Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration. capability. Notify on Endpoint Security compliance warnings
The automation notifies upon the triggered compliance warnings. Alert on Endpoint Security compliance issues
The automation notifies upon the detected compliance issues in endpoints. Alert on Endpoint Security Anti-Malware license expiration
The automation notifies upon the Endpoint Security Anti-Malware license expiration. The parameters can be set to configure the frequency of the alert, time to alert before the license is about to expire and so on. -
Number of devices found with this event
-
Near Expiry - Time before expiration to initiate the alert
-
Notify on alert activation
-
Notify on alert resolution
-
Remind every (Minutes) - Set interval for reminder notifications
Alert on disconnected Endpoint Security clients
The automation notifies if the Endpoint Security client is disconnected. -
Number of devices found with this event
-
Disconnected for - Minimum interval of disconnection to initiate the alert.
-
Notify on alert activation
-
Notify on alert resolution
-
Remind every (Minutes) - Set interval for reminder notifications
Alert on outdated Endpoint Security Anti-Malware
The automation notifies if the Endpoint Security Anti-Malware capability is outdated. -
Number of devices found with this event
-
Outdated - Minimum time a capability is outdated to initiate the alert
-
Notify on alert activation
-
Notify on alert resolution
-
Remind every (Minutes) - Set interval for reminder notifications
Alert on outdated Endpoint Security Offline-Reputation capability
The automation notifies if the Endpoint Security Offline-Reputation capability is outdated. Alert on the outdated Endpoint Security Static Analysis capability
The automation notifies if theEndpoint Security Static Analysis capability is outdated. Alert on the outdated Endpoint Security Behavioral Guard capability
The automation notifies if the Endpoint Security Behavioral Guard capability is outdated.
-
-
On the Messages tab, you can view the Subject and Message of the alert.
-
Click Save.
-
Duplicating an Advanced Alert
You can duplicate an alert and customize to use different thresholds and notification profiles.
-
Select the applicable alert from the list.
-
From the taskbar, click Duplicate button.
-
In the Alert name field, enter the alert name.
-
Click Duplicate.
Editing or Creating a Notification Profile
A notification profile is a configuration setting that defines who receives notifications, when they are sent, and how they are delivered, such as by email, SMS, Teams, or Slack, based on the event's importance.
Notification profiles are created in Playblocks and are automatically displayed in Endpoint Security. You can edit a notification either from Playblocks or Endpoint Security.
|
|
Note - To create and edit a notification profile in Playblocks, see Notifications section in the Playblocks Administration Guide. |
To edit a notification profile
-
From the taskbar, click Notification profiles.
The Notification profiles window appears.
-
From the Profile name list, select a profile.
-
Select a channel and turn on the toggle button.
-
Edit or specify these:
-
To - Recipients to receive the notification.
-
To create a new group, click Create new group.
-
In the Group name field, enter the group name.
-
Update the recipient information as follows:
-
Emails - For Email
-
Phone numbers - For SMS
-
URL - For Slack and Microsoft Teams
-
-
Click Save.
-
-
When - Time interval between notifications.
-
-
To create a new notification profile, click Save As.
-
In the Profile name field, enter a profile name.
-
Click Save.
-
-
To save changes to the current profile, click Save.