Security Alarms

The Security Alarms page creates alarms in response to security protection events for selected machine IDs licensed to use Kaseya Endpoint Security.

The list of machine IDs you can select depends on the Machine ID / Group ID filter. To display on this page, machine IDs must have Kaseya Endpoint Security client software installed on the managed machine using the Security > Install/Remove page.

To Create An Alarm

  1. Check any of the following checkboxes to perform their corresponding actions when an alarm is triggered for a machine ID.
    • Create Alarm
    • Create Ticket
    • Run Script after alarm
    • Email Recipients
  2. Set additional email parameters.
  3. Set security protection event checkboxes.
    • Virus Detected
    • Service Error
    • Protection Enabled
    • Definition Updated
    • Protection Disabled
    • Definition Not Updated For N Days
  4. Check the machine IDs to apply the security alarm to.
  5. Click the Add or Replace radio option.
  6. Click Apply to assign security protection event triggers on selected machine IDs.

    A green checkmark displays for each security protection event selected in the VD PE PD SE DU DNU columns next to each selected machine ID.

To Cancel an Alarm

  1. Select machine ID checkboxes.
  2. Click Remove.

    All green checkmarks are removed from the VD PE PD SE DU DNU columns next to each selected machine ID.

Passing Alarm Information to Emails and Scripts

The following variables are populated with information when an alarm is triggered. These variables can be referenced by any email you send or script you run in response to the triggering of an alarm.

| Within an Email | Within a Script | Description |
|-----------------|-----------------|-------------|
| <at>            | #at#            | alert time |
| <ep>            | #ep#            | Kaseya Endpoint Security log message |
| <gr>            | #gr#            | group ID |
| <id>            | #id#            | machine ID |
|                 | #subject#       | subject text of the email message, if an email was sent in response to an alarm |
|                 | #body#          | body text of the email message, if an email was sent in response to an alarm |
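
The following is an added example, not part of the original Kaseya documentation: a handler that a script run after an alarm could call to turn the script-side variables listed above into one structured log line for a log collector. It assumes the script passes the substituted values of #at#, #ep#, #gr# and #id# as command-line arguments in that order; the ID character set, the output field names and the sample values are likewise assumptions made for the illustration.

```python
import json
import re
import sys

# Script-side variables from the table above, in the order this example
# assumes the alarm script passes them on the command line.
ALARM_FIELDS = ("at", "ep", "gr", "id")

CONTROL_RUN = re.compile(r"[\x00-\x1f\x7f]+")
ID_CHARS = re.compile(r"[A-Za-z0-9._-]{1,128}")  # assumption: conservative ID charset

# Constructed sample values, not taken from a real alarm.
SAMPLE_ARGS = [
    "2009-03-03 10:42:07",
    "Virus detected: EICAR-Test-File\r\nin C:\\temp\\x.com",
    "root.unnamed",
    "ws01",
]


def clean_text(value, limit=512):
    """Collapse control characters (CR/LF included) to one space and cap length."""
    return CONTROL_RUN.sub(" ", value).strip()[:limit]


def build_event(args):
    """Turn the four substituted alarm values into one JSON log line."""
    if len(args) != len(ALARM_FIELDS):
        raise ValueError("expected %d alarm fields, got %d"
                         % (len(ALARM_FIELDS), len(args)))
    raw = dict(zip(ALARM_FIELDS, args))
    # IDs are used as lookup keys downstream, so reject rather than rewrite them.
    for key in ("gr", "id"):
        if not ID_CHARS.fullmatch(raw[key]):
            raise ValueError("unexpected characters in #%s#" % key)
    event = {
        "source": "endpoint-security-alarm",
        "alert_time": clean_text(raw["at"], 64),
        "group_id": raw["gr"],
        "machine_id": raw["id"],
        # Free text that can carry file and threat names: cleaned and capped.
        "message": clean_text(raw["ep"]),
    }
    return json.dumps(event, sort_keys=True)


if __name__ == "__main__":
    print(build_event(sys.argv[1:] or SAMPLE_ARGS))
```

The log message is cleaned and length-capped because it is free text, while the group and machine IDs are rejected outright if they contain unexpected characters, so a malformed alarm cannot be filed under the wrong machine.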

Apply

Click Apply to apply parameters to selected machine IDs. Confirm the parameters have been applied correctly in the machine ID list.

Clear

Click Clear to remove all parameter settings from selected machine IDs.

Create Alarm

The Create Alarm check box is always checked.

Create Ticket

If checked, a new ticket is generated when an alarm is triggered.

Run Script after alarm

If checked, a script is run when an alarm is triggered. You must click the select script link to choose a script to run. You can optionally direct the script to run on a specified range of machine IDs by clicking the this machine ID link. These specified machine IDs do not have to match the machine ID that triggered the alarm.

Email Recipients

If checked, emails are sent to the specified email addresses when an alarm is triggered.

  • Click Format Email to display the Format Alert Email popup window. This window enables you to format the display of emails generated by the system when an alarm is triggered. See Passing Alarm Information to Emails and Scripts above.

    Note: Changing this email format changes the format for all security protection alarm emails. You may need to greatly restrict the size of an email alarm message if the destination email address is a pager or some hand-held device.

  • If the Add to current list radio option is selected, when Apply is clicked alarm settings are applied and the specified email addresses are added to selected machine IDs without removing previously assigned email addresses.
  • If the Replace list radio option is selected, when Apply is clicked alarm settings are applied and the specified email addresses replace the existing email addresses assigned to machine IDs.
  • If Remove is clicked, all email addresses are removed from selected machine IDs without modifying any alarm parameters.
  • Email is sent directly from the VSA to the email address specified in the alert. The SMTP service in IIS 4 or 5 sends the email directly to the address specified. Set the From Address using the System > Configure page.

Add / Replace

Select Add or Replace to add or replace security protection event triggers on selected machine IDs when the Apply button is clicked.

Remove

Click Remove to immediately remove security protection event triggers from selected machine IDs.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine:

  • Agent has checked in
  • Agent has not recently checked in
  • Agent has never checked in
  • Online but waiting for first audit to complete
  • The agent is online but remote control is disabled

Machine ID.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

Delete

Clicking the delete icon deletes security alarms for a machine ID.

Edit

Click a row's edit icon to populate header parameters with values from that row. You can edit these values in the header and re-apply them.

ATSE

The ATSE alarm / response code assigned to machine IDs or SNMP devices:

  • A = Create Alarm
  • T = Create Ticket
  • S = Run Script
  • E = Email Recipients

Email Address

A comma-separated list of email addresses where notifications are sent.

VD PE PD SE DU DNU

If checked, triggers a security alarm for the following events:

  • VD - Virus Detected
  • PE - Service Error
  • PD - Protection Enabled
  • SE - Definition Updated
  • DU - Protection Disabled
  • DNU - Definition Not Updated For N Days