Configuring Advanced Alerts
-
Go to Endpoint Settings > Alerts > Advanced Alerts.

- Select an alert.
-
In the right pane:

-
Turn on the Off toggle button.
-
From the Profile name list, select a notification profile.
Note:The system automatically displays the notification profiles created in Playblocks.
-
In the Thresholds tab, configure the threshold parameters for the alert:
Alert Title Alert Description Threshold (Minimum number to trigger the action)
Security Alerts
Alert on a phishing attempt detected by Endpoint Security
The automation notifies upon detection of phishing attack. Severity (Minimum) - Select minimum severity level of the event to initiate the alert.
Count events in time duration
Threshold (minimum number of events)
Threshold (minimum number of events)
Alert on exploit attempt detected by Endpoint Security
The automation notifies upon detection of exploit attack. Alert on access to malicious site detected by Endpoint Security
The automation notifies upon detection of access to malicious sites. Alert on password reuse attempt detected by Endpoint Security
The automation notifies upon reuse of the password. Count events in time duration
Threshold (minimum number of events)
Threshold (minimum number of events)
Alert on malicious file detected by Endpoint Security
The automation notifies upon detection of malicious files. Attack status - Status of attack that must be considered for the alerts
Severity (Minimum) - Select minimum severity level of the event to initiate the alert
Count events in time duration
Threshold (minimum number of events)
Threshold (minimum number of events)
Alert on ransomware attack detected by Endpoint Security
The automation notifies upon detection of ransomware attack. Notify on bulk uninstallation of Endpoint Security clients
The automation notifies upon uninstallation of Endpoint Security clients on number of devices.
Number of uninstalled Endpoint Security clients
In time duration
Notify on Endpoint Security client uninstall password change
The automation notifies upon change in Endpoint Security client uninstall password.
None
Notify on repeated login failures to user Windows device
The automation notifies upon detecting repeated login failures by the user on Windows devices.
Number of repeated failed login attempts
Select Count failures for each user individually to count the failures for each user individually
In time duration
Operational Alerts
Alert if Endpoint Security client capabilities stop running
The automation notifies if one or more capabilities on the Endpoint Security client stops running or the client is unable to report the capability status. Number of devices found with this event
Notify on alert activation
Notify on alert resolution
Remind every (Minutes) - Set interval for reminder notifications
For example, If the threshold for number of devices with this event is set to 5, an automated alert will be sent once the event occurs in at least five endpoints.
Alert on Endpoint Security deployment failure
The automation notifies if the Endpoint Security Client deployment failed on the device. Alert if the device is not scanned by the Endpoint Security Anti-Malware capability
The automation alerts if the device was not scanned by Endpoint Security Anti-Malware since the specified duration. Notify on device restrictions by Endpoint Security
The automation notifies upon the device restrictions initiated by the Endpoint Security Compliance capability. Notify on Endpoint Security compliance warnings
The automation notifies upon the triggered compliance warnings. Alert on Endpoint Security compliance issues
The automation notifies upon the detected compliance issues in endpoints. Alert on Endpoint Security Anti-Malware license expiration
The automation notifies upon the Endpoint Security Anti-Malware license expiration. The parameters can be set to configure the frequency of the alert, time to alert before the license is about to expire and so on. Number of devices found with this event
Near Expiry - Time before expiration to initiate the alert
Notify on alert activation
Notify on alert resolution
Remind every (Minutes) - Set interval for reminder notifications
Alert on disconnected Endpoint Security clients
The automation notifies if the Endpoint Security client is disconnected. Number of devices found with this event
Disconnected for - Minimum interval of disconnection to initiate the alert.
Notify on alert activation
Notify on alert resolution
Remind every (Minutes) - Set interval for reminder notifications
Alert on outdated Endpoint Security Anti-Malware
The automation notifies if the Endpoint Security Anti-Malware capability is outdated. Number of devices found with this event
Outdated - Minimum time a capability is outdated to initiate the alert
Notify on alert activation
Notify on alert resolution
Remind every (Minutes) - Set interval for reminder notifications
Alert on outdated Endpoint Security Offline-Reputation capability
The automation notifies if the Endpoint Security Offline-Reputation capability is outdated. Alert on the outdated Endpoint Security Static Analysis capability
The automation notifies if theEndpoint Security Static Analysis capability is outdated. Alert on the outdated Endpoint Security Behavioral Guard capability
The automation notifies if the Endpoint Security Behavioral Guard capability is outdated.
-
On the Messages tab, you can view the Subject and Message of the alert.
-
Click Save.
-
- Turn on the Off toggle button.
-
From the Profile name list, select a notification profile.
Note:
The system automatically displays the notification profiles created in Playblocks.
-
In the Thresholds tab, configure the threshold parameters for the alert:
[Table content preserved exactly as in source]
- Severity (Minimum) - Select minimum severity level of the event to initiate the alert.
- Count events in time duration
- Threshold (minimum number of events)
- Threshold (minimum number of events)
- Count events in time duration
- Threshold (minimum number of events)
- Threshold (minimum number of events)
- Attack status - Status of attack that must be considered for the alerts
- Severity (Minimum) - Select minimum severity level of the event to initiate the alert
- Count events in time duration
- Threshold (minimum number of events)
- Threshold (minimum number of events)
- Number of uninstalled Endpoint Security clients
- In time duration
- Number of repeated failed login attempts
- Select Count failures for each user individually to count the failures for each user individually
- In time duration
- Number of devices found with this event
- Notify on alert activation
- Notify on alert resolution
- Remind every (Minutes) - Set interval for reminder notifications
- Number of devices found with this event
- Near Expiry - Time before expiration to initiate the alert
- Notify on alert activation
- Notify on alert resolution
- Remind every (Minutes) - Set interval for reminder notifications
- Number of devices found with this event
- Disconnected for - Minimum interval of disconnection to initiate the alert.
- Notify on alert activation
- Notify on alert resolution
- Remind every (Minutes) - Set interval for reminder notifications
- Number of devices found with this event
- Outdated - Minimum time a capability is outdated to initiate the alert
- Notify on alert activation
- Notify on alert resolution
- Remind every (Minutes) - Set interval for reminder notifications
- On the Messages tab, you can view the Subject and Message of the alert.
- Click Save.