Advanced Alerts

Advanced alerts allows you to receive notifications for security and operational events. The notification is sent through preferred communication channels configured in Infinity Playblocks:

SMS
Email
Slack
Microsoft Teams

Note - Make sure that you have configured Connectors and Notifications profiles in Infinity Playblocks. For more information, see Infinity Playblocks Administration Guide.

Configuring Advanced Alerts

Go to Endpoint Settings > Alerts > Advanced Alerts.
Select an alert.

In the right pane:

Turn on the Off toggle button.

From the Profile name list, select a notification profile.

Note - The system automatically displays the notification profiles created in Infinity Playblocks.

In the Thresholds tab, configure the threshold parameters for the alert:

Alert Title	Alert Description	Threshold (Minimum number to trigger the action)
Security Alerts
Alert on a phishing attempt detected by Harmony Endpoint	The automation notifies upon detection of phishing attack.	Severity (Minimum) - Select minimum severity level of the event to initiate the alert. Count events in time duration Threshold (minimum number of events) Threshold (minimum number of events)
Alert on exploit attempt detected by Harmony Endpoint	The automation notifies upon detection of exploit attack.
Alert on access to malicious site detected by Harmony Endpoint	The automation notifies upon detection of access to malicious sites.
Alert on password reuse attempt detected by Harmony Endpoint	The automation notifies upon reuse of the password.	Count events in time duration Threshold (minimum number of events) Threshold (minimum number of events)
Alert on malicious file detected by Harmony Endpoint	The automation notifies upon detection of malicious files.	Attack status - Status of attack that must be considered for the alerts Severity (Minimum) - Select minimum severity level of the event to initiate the alert Count events in time duration Threshold (minimum number of events) Threshold (minimum number of events)
Alert on ransomware attack detected by Harmony Endpoint	The automation notifies upon detection of ransomware attack.
Notify on bulk uninstallation of Harmony Endpoint clients	The automation notifies upon uninstallation of Harmony Endpoint clients on number of devices.	Number of uninstalled Harmony Endpoint clients In time duration
Notify on Harmony Endpoint client uninstall password change	The automation notifies upon change in Harmony Endpoint client uninstall password.	None
Notify on repeated login failures to user Windows device	The automation notifies upon detecting repeated login failures by the user on Windows devices.	Number of repeated failed login attempts Select Count failures for each user individually to count the failures for each user individually In time duration
Operational Alerts
Alert if Harmony Endpoint client capabilities stop running	The automation notifies if one or more capabilities on the Harmony Endpoint Security client stops running or the client is unable to report the capability status.	Number of devices found with this event Notify on alert activation Notify on alert resolution Remind every (Minutes) - Set interval for reminder notifications For example, If the threshold for number of devices with this event is set to 5, an automated alert will be sent once the event occurs in at least five endpoints.
Alert on Harmony Endpoint deployment failure	The automation notifies if the Harmony Endpoint Security Client Application installed on end-user computers to monitor security status and enforce security policies. deployment failed on the device.
Alert if the device is not scanned by the Harmony Endpoint Anti-Malware capability	The automation alerts if the device was not scanned by Harmony Endpoint Anti-Malware A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. since the specified duration.
Notify on device restrictions by Harmony Endpoint	The automation notifies upon the device restrictions initiated by the Harmony Endpoint Compliance Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration. capability.
Notify on Harmony Endpoint compliance warnings	The automation notifies upon the triggered compliance warnings.
Alert on Harmony Endpoint compliance issues	The automation notifies upon the detected compliance issues in endpoints.
Alert on Harmony Endpoint Anti-Malware license expiration	The automation notifies upon the Harmony Endpoint Anti-Malware license expiration. The parameters can be set to configure the frequency of the alert, time to alert before the license is about to expire and so on.	Number of devices found with this event Near Expiry - Time before expiration to initiate the alert Notify on alert activation Notify on alert resolution Remind every (Minutes) - Set interval for reminder notifications
Alert on disconnected Harmony Endpoint clients	The automation notifies if the harmony Endpoint client is disconnected.	Number of devices found with this event Disconnected for - Minimum interval of disconnection to initiate the alert. Notify on alert activation Notify on alert resolution Remind every (Minutes) - Set interval for reminder notifications
Alert on outdated Harmony Endpoint Anti-Malware	The automation notifies if the harmony Endpoint Anti-Malware capability is outdated.	Number of devices found with this event Outdated - Minimum time a capability is outdated to initiate the alert Notify on alert activation Notify on alert resolution Remind every (Minutes) - Set interval for reminder notifications
Alert on outdated Harmony Endpoint Offline-Reputation capability	The automation notifies if the Harmony Endpoint Offline-Reputation capability is outdated.
Alert on the outdated Harmony Endpoint Static Analysis capability	The automation notifies if the Harmony Endpoint Static Analysis capability is outdated.
Alert on the outdated Harmony Endpoint Behavioral Guard capability	The automation notifies if the Harmony Endpoint Behavioral Guard capability is outdated.

On the Messages tab, you can view the Subject and Message of the alert.
Click Save.

Duplicating an Advanced Alert

You can duplicate an alert and customize to use different thresholds and notification profiles.

Select the applicable alert from the list.
From the taskbar, click Duplicate button.
In the Alert name field, enter the alert name.
Click Duplicate.

Editing or Creating a Notification Profile

Notification profiles are created in Infinity Playblocks and are automatically displayed in Harmony Endpoint. You can edit a notification either from Infinity Playblocks or Harmony Endpoint.

Note - To create and edit a notification profile in Infinity Playblocks, see Notifications section in the Infinity Playblocks Administration Guide.

To edit a notification profile

From the taskbar, click Notification profiles.

The Notification profiles window appears.
From the Profile name list, select a profile.
Select a channel and turn on the toggle button.
Edit or specify these:
- To - Recipients to receive the notification.
- To create a new group, click Create new group.
  1. In the Group name field, enter the group name.
  2. Update the recipient information as follows:
    - Emails - For Email
    - Phone numbers - For SMS
    - URL - For Slack and Microsoft Teams
  3. Click Save.
- When - Time interval between notifications.
To create a new notification profile, click Save As.
1. In the Profile name field, enter a profile name.
2. Click Save.
To save changes to the current profile, click Save.