Configuring Advanced Alerts

  1. Go to Endpoint Settings > Alerts > Advanced Alerts.

  2. Select an alert.
  3. In the right pane:

    1. Turn on the Off toggle button.

    2. From the Profile name list, select a notification profile.

      Note:

      The system automatically displays the notification profiles created in Playblocks.

    3. In the Thresholds tab, configure the threshold parameters for the alert:

      Table columns: Alert Title, Alert Description, Threshold (Minimum number to trigger the action)

      Alert on a phishing attempt detected by Endpoint Security

      The automation notifies upon detection of a phishing attack.
      1. Severity (Minimum) - Select minimum severity level of the event to initiate the alert.

      2. Count events in time duration

      3. Threshold (minimum number of events)

      4. Threshold (minimum number of events)

      The automation notifies upon detection of an exploit attack.
      The automation notifies upon detection of access to malicious sites.
      The automation notifies upon reuse of the password.
      1. Threshold (minimum number of events)

      The automation notifies upon detection of malicious files.
      1. Attack status - Status of attack that must be considered for the alerts

      2. Severity (Minimum) - Select minimum severity level of the event to initiate the alert

      3. Count events in time duration

      4. Threshold (minimum number of events)

      5. Threshold (minimum number of events)

      The automation notifies upon detection of a ransomware attack.

      Notify on bulk uninstallation of Endpoint Security clients

      The automation notifies upon uninstallation of Endpoint Security clients on a number of devices.

      1. Number of uninstalled Endpoint Security clients

      2. In time duration

      Notify on Endpoint Security client uninstall password change

      The automation notifies upon change in Endpoint Security client uninstall password.

      None

      Notify on repeated login failures to user Windows device

      The automation notifies upon detecting repeated login failures by the user on Windows devices.

      1. Number of repeated failed login attempts

      2. Select Count failures for each user individually to count the failures for each user individually

      3. In time duration

      The automation notifies if one or more capabilities on the Endpoint Security client stops running or the client is unable to report the capability status.
      1. Number of devices found with this event

      2. Notify on alert activation

      3. Notify on alert resolution

      4. Remind every (Minutes) - Set interval for reminder notifications

      For example, if the threshold for number of devices with this event is set to 5, an automated alert is sent once the event occurs on at least five endpoints.

      The automation notifies if the Endpoint Security Client deployment failed on the device.
      The automation alerts if the device has not been scanned by Endpoint Security Anti-Malware for the specified duration.
      The automation notifies upon the device restrictions initiated by the Endpoint Security Compliance capability.
      The automation notifies upon the triggered compliance warnings.
      The automation notifies upon the detected compliance issues in endpoints.
      The automation notifies upon the Endpoint Security Anti-Malware license expiration. The parameters can be set to configure the frequency of the alert, time to alert before the license is about to expire and so on.
      1. Number of devices found with this event

      2. Near Expiry - Time before expiration to initiate the alert

      3. Notify on alert activation

      4. Notify on alert resolution

      5. Remind every (Minutes) - Set interval for reminder notifications

      The automation notifies if the Endpoint Security client is disconnected.
      1. Number of devices found with this event

      2. Disconnected for - Minimum interval of disconnection to initiate the alert.

      3. Notify on alert activation

      4. Notify on alert resolution

      5. Remind every (Minutes) - Set interval for reminder notifications

      The automation notifies if the Endpoint Security Anti-Malware capability is outdated.
      1. Number of devices found with this event

      2. Outdated - Minimum time a capability is outdated to initiate the alert

      3. Remind every (Minutes) - Set interval for reminder notifications

      The automation notifies if the Endpoint Security Offline-Reputation capability is outdated.
      The automation notifies if the Endpoint Security Static Analysis capability is outdated.

      The automation notifies if the Endpoint Security Behavioral Guard capability is outdated.

    4. On the Messages tab, you can view the Subject and Message of the alert.

    5. Click Save.

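
To reason about values for the "Notify on repeated login failures to user Windows device" thresholds before saving them, the following added example (not product code and not from the vendor) models how the three parameters interact. It assumes a sliding time window that resets after an alert fires; the product's actual evaluation logic is not documented on this page, and the function name, sample users and timestamps are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                  # "Number of repeated failed login attempts"
WINDOW = timedelta(minutes=5)  # "In time duration"


def evaluate_login_failures(events, threshold, window, per_user):
    """Return the (timestamp, key) pairs at which an alert would fire.

    events:   (timestamp, user) failed-login records, sorted by time.
    per_user: models "Count failures for each user individually".
    Assumption: sliding window, cleared after firing so one burst = one alert.
    """
    recent = defaultdict(deque)
    fired = []
    for ts, user in events:
        key = user if per_user else "*"   # "*" = one shared counter
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            fired.append((ts, key))
            q.clear()
    return fired


def at(minute, second=0):
    """Constructed timestamp helper for the sample data."""
    return datetime(2024, 1, 1, 9, minute, second)


# Constructed sample: five users with one failure each, then one user with five.
SAMPLE = [
    (at(0, 0), "alice"), (at(0, 20), "bob"), (at(0, 40), "carol"),
    (at(1, 0), "dave"), (at(1, 20), "erin"),
    (at(30, 0), "frank"), (at(30, 10), "frank"), (at(30, 20), "frank"),
    (at(30, 30), "frank"), (at(30, 40), "frank"),
]

if __name__ == "__main__":
    for mode in (True, False):
        hits = evaluate_login_failures(SAMPLE, THRESHOLD, WINDOW, per_user=mode)
        print("per-user" if mode else "aggregate", hits)
```

With per-user counting enabled, only the single-account burst fires; failures spread one per account stay below the threshold, so the choice of this option determines which pattern the alert can see.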