ActivTrak alarms are extremely versatile and make it possible to capture most, if not all relevant computer activity. The alarms themselves consist of two parts that together create an 'if : then' statement.
There are three types of Alarms we can create:
Activity Alarms, which are triggered by a flexible combination of conditions and allow you to generate emails, screenshots, webhooks, and pop-up messages and/or terminate the related application.
USB alarms, available with the Advanced Premium Plan, allow you to generate emails, screenshots, webhooks, or popup messages when a USB device is inserted or written to.
Security Audit, also available with the Advanced Premium Plan, allows you to generate emails or webhooks for events written to the Security Audit Log, which records all administrator or user activity to the account.
CREATING AN ALARM:
The first step is to create your conditions, which will equate to the activity you'd like to capture and/or terminate, this is your 'if.' Next, choose what you'd like to happen when that activity triggers your alarm. You have the option to send an email alert to yourself, capture screenshots, send a pop-up message to the user on the workstation, and terminate the application that triggered the alarm. These options are your 'then.'
Let's get into how to create conditions.
Conditions are the If part of your If:then statement where you'll create a logical statement to which the alarm will match and fire on.
Each condition will require four parts, a field, condition, value, and case sensitive acknowledgment.
When creating your alarm, you have the option to choose your match-type. This means you can either have the alarm fire when all conditions are met collectively or when any one condition is met independently.
The 'Field' is the section to which the alarm will look at to match your conditions. Here are the available fields and their corresponding meaning:
Computer: Monitored Workstation
Description: Meta description of the application or website.
Duration (Sec): How long the user is on that page.
Executable: The application.
Private IP Address: The network to which the workstation is connected.
Logon Domain: For large installations and AD connected workstations, the primary domain is where the User logs in.
Primary Domain: For large installations and AD connected workstations, the primary domain is where the computer is connected.
Titlebar: Located at the top of a window, displays the name of the website or application being used.
URL: The Website URL
User: The name of the User in ActivTrak.
The operators signify how to look for the keyword within the selected field. Here are the available operators and their corresponding meaning:
Contains: Means the keyword is there somewhere.
Does not Contain: Means the keyword is not there anywhere.
Ends with: Means the keyword is the last thing in a string.
Equal to: Means it will search for the keyword exactly how it is written, and nothing else.
Not Equal to: Means the keyword does not appear in the way it is input at all.
Starts With: Means the keyword appears at the beginning of the string.
Greater than: This operator is mainly for time on page.
The keyword is what you're looking for to trigger the alarm. This can be the website name, username, keyword in a titlebar or description,or the time in seconds the user is on the page.
Only check this box if you want the keyword to be applied exactly how it's input in regards to the capitalization of the letters.
Now that we've input each field for our conditions, let's see what they look like as a whole.
Here are all of our created conditions to have an Alarm trigger if a user goes to Facebook:
Actions are the 'then' in your if:then statement. When alarm conditions are met, you select the actions you'd like to happen here in the actions section. Here are the available actions and their corresponding meaning:
Selecting this option tells ActivTrak to take a Screenshot when the alarm is triggered.
Multiple screenshots can be set to capture at specified intervals as part of the Advanced Premium Plan.
Selecting this option tells ActivTrak to send a custom pop-up message to the monitored workstation when the alarm is triggered.
Selecting this option tells ActivTrak to send you an email notification when the alarm is triggered. Certain information can be prefilled, such as user, computer, executable, etc.
Enabling webhook notifications will allow you to integrate ActivTrak alarms into other applications such as Slack.
Selecting this option tells ActivTrak to terminate the application that triggered the alarm.
Alarm Risk Level:
Alarm Risk Level allows you to assign a higher or lower risk to certain activities. For example, if someone using a music application while working, that might be considered lower risk, whereas browsing Youtube or a gaming related website could be considered higher. The Advanced Premium plan allows for customization of this setting.
After you've input all of your conditions and selected your post-trigger actions, be sure you've toggled Activate Alarm on the checkbox at the top right of the page.