Apply Alarm Sets

The Apply Alarm Sets page creates alerts in response to security protection alarm conditions defined using Define Alarm Sets. The alarm sets are applied to selected machine IDs licensed to use Endpoint Security.

The list of machine IDs you can select depends on the machine ID / group ID filter. To display on this page, machine IDs must have the Endpoint Security client software installed on the managed machine using the Security > Install/Remove page.

The page provides you with four actions:

  • Apply - Apply a selected alarm set to selected machine IDs.
  • Remove - Remove a selected alarm set from selected machine IDs.
  • Remove All - Remove all alarm sets assigned to selected machine IDs.
  • Format Email - Format the email sent to email recipients. This option only displays for master role users.

To Create an Alert

  1. Check any of these checkboxes to perform their corresponding actions when an alarm condition is encountered:
    • Create Alarm
    • Create Ticket
    • Run Script
    • Email Recipients
  2. Set additional email parameters.
  3. Select an alarm set.
  4. Check the machine IDs to apply the alarm set to.
  5. Click Apply to assign the alarm set to selected machine IDs.

To Cancel an Alert

  1. Select machine ID checkboxes.
  2. Click Remove to remove the assigned alarm set from selected machine IDs.

Passing Alert Information to Emails and Procedures

The following types of Apply Alarm Sets alert emails can be sent and formatted:

  • Security Alarm

Note: Changing this email format changes the format for all Apply Alarm Sets alert emails. You may need to greatly restrict the size of an email alarm message if the destination email address is a pager or some hand-held device.

The following variables can be included in your formatted email alerts.

| Within an Email | Within a Procedure | Description |
|---|---|---|
| <as> | #as# | KES alarm set |
| <at> | #at# | alert time |
| <db-view.column> | not available | Include a view.column from the database. For example, to include the computer name of the machine generating the alert in an email, use <db-vMachine.ComputerName> |
| <gr> | #gr# | group ID |
| <id> | #id# | machine ID |
| <sm> | #sm# | security alarm |
| <st> | #st# | security alarm specific title |
| <tk> | #tk# | ticket ID |
| <ty> | #ty# | security alarm type |
|  | #subject# | subject text of the email message, if an email was sent in response to an alarm |
|  | #body# | body text of the email message, if an email was sent in response to an alarm |
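
An added example, not part of the Kaseya documentation or VSA code: a small Python check for a draft alert email format that flags tokens outside the variables listed above (including the #xx# procedure form used in an email) and previews the message length for the pager case mentioned in the note. It assumes a plain-text format and literal token replacement; the function names, sample values and the 160-character limit are constructed for illustration.

```python
import re

# Variable names from the page's table. The <xx> form is for emails, the
# #xx# form is for procedures; #subject# and #body# exist only in procedures.
EMAIL_VARS = {"as", "at", "gr", "id", "sm", "st", "tk", "ty"}
PROCEDURE_ONLY = {"subject", "body"}
ANGLE = re.compile(r"<([A-Za-z][\w.\-]*)>")
HASH = re.compile(r"#([A-Za-z][\w.\-]*)#")
DB_COLUMN = re.compile(r"db-\w+\.\w+$")   # e.g. db-vMachine.ComputerName


def lint_email_format(template):
    """Return a list of problems in a draft alert email format."""
    problems = []
    for name in ANGLE.findall(template):
        if name not in EMAIL_VARS and not DB_COLUMN.match(name):
            problems.append(f"<{name}> is not a listed email variable")
    for name in HASH.findall(template):
        if name in EMAIL_VARS:
            problems.append(f"#{name}# is the procedure form; use <{name}> in an email")
        elif name in PROCEDURE_ONLY:
            problems.append(f"#{name}# is only available within a procedure")
    return problems


def render_preview(template, values):
    """Fill in sample values; unknown tokens are left as written."""
    return ANGLE.sub(lambda m: str(values.get(m.group(1), m.group(0))), template)


def fits(template, values, limit):
    """True if the previewed message stays within the device's size limit."""
    return len(render_preview(template, values)) <= limit


# Constructed draft and sample values, for illustration only.
DRAFT = "KES <ty> on <id> at <at>: <st> (ticket #tk#) <mid>"
FIXED = "KES <ty> on <id> at <at>: <st> (ticket <tk>)"
SAMPLE = {"ty": "sample-type", "id": "ws01.hq.example", "at": "2024-03-04 10:15",
          "st": "sample title", "tk": "1042"}
PAGER_LIMIT = 160  # assumed limit; use the real limit of the receiving device

if __name__ == "__main__":
    for problem in lint_email_format(DRAFT):
        print("draft:", problem)
    print(render_preview(FIXED, SAMPLE), fits(FIXED, SAMPLE, PAGER_LIMIT))
```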

Create Alarm

If checked and an alarm condition is encountered, an alarm is created. Alarms are displayed in Monitor > Dashboard List, Monitor > Alarm Summary and Info Center > Reports > Logs > Alarm Log.

Create Ticket

If checked and an alarm condition is encountered, a ticket is created.

Run Script

If checked and an alarm condition is encountered, an agent procedure is run. You must click the select agent procedure link to choose an agent procedure to run. You can optionally direct the agent procedure to run on a specified range of machine IDs by clicking this machine ID link. These specified machine IDs do not have to match the machine ID that encountered the alarm condition.

Email Recipients

If checked and an alarm condition is encountered, emails are sent to the specified email addresses.

  • Click Format Email to display the Format Alert Email popup window. This window enables you to format the display of emails generated by the system when an alarm is triggered. See Passing Alert Information to Emails and Procedures above. This option only displays for master role users.
  • Email is sent directly from the VSA to the email address specified in the alert. Set the From Address using System > Outbound Email.

Select an Alarm Set

Select an alarm set to apply to selected machine IDs.

Check-in status

These icons indicate the agent check-in status of each managed machine. Hovering the cursor over a check-in icon displays the agent quick view window.

  • Online but waiting for first audit to complete
  • Agent online
  • Agent online and user currently logged on
  • Agent online and user currently logged on, but user not active for 10 minutes
  • Agent is currently offline
  • Agent has never checked in
  • Agent is online but remote control has been disabled
  • The agent has been suspended

Note: Different icon images display when this add-on module is installed in a 5.x VSA. The Remote Control > Control Machine page displays a legend of the specific icons your VSA system is using.

(Select All Checkbox)

Click this checkbox to select all rows in the paging area. If checked, click this checkbox to unselect all rows in the paging area.

Machine.Group ID

The list of Machine.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the user is authorized to see using System > User Security > Scopes.

Alarm Set

Lists the alarm sets assigned to each machine ID.

ATSE

The ATSE response code assigned to machine IDs or SNMP devices:

  • A = Create Alarm
  • T = Create Ticket
  • S = Run Agent Procedure
  • E = Email Recipients

Email Address

A comma-separated list of email addresses where notifications are sent.