Creating Custom Alarms
Tony Wurst
Alarms give administrators a way to capture screenshots or be alerted to specific behaviors on computers running the ActivTrak Agent. Being alerted to these actions make it easy to see what happened and when giving them the tools needed to gain insight into how their team is working.
View Alarms
Log in to the web app and use the left sidebar to navigate to Alarms > Configuration. Any Alarms that have already been created as well as the option to add more will be here.
Note: The default Screenshot alarm "New Activity Screenshot", is listed here as well. It can be toggled on and off, but not deleted.
Creating a New Alarm
1. To start, click on "Create New Alarm" at the top left and then fill out the prompts in the box asking to name the new alarm as well as choose the type of alarm.
There are three types of Alarms:
| Activity | These alarms will be used to capture screenshots and react to employee behavior. |
| USB | Available on the Advanced plan, these will trigger when a USB storage device is inserted or written to. |
| Security Audit | Also available on the Advanced plan, these can be set to trigger when changes are made to the account. |
This guide focuses on Activity Alarms.
2. After naming the alarm and selecting "Activity" the screen will change and a prompt to enter in conditions will appear.
3. Next, conditions will need to be added. Alarms function as an IF: THEN statement. If X happens, do Y. Conditions function as the IF part of this equation.
Depending on the goal of the alarm and which triggers will be used, we'll need to tell the alarm to trigger either when ANY of the conditions are met or only if ALL conditions are met.
There are three parts to a Condition:
Field: This section is where the alarm will look to match the conditions given.
| Computer | Meta Description of the website or application. |
| Description | Meta Description of the website or application. |
|
Duration (Sec) |
How long the user is on that activity. |
| Executable | The name of the application or process. |
| Private IP Address | The network to which the computer is connected. |
| Logon Domain | For large installations and Active Directory-connected computers, the primary domain is where the user logs in. For local users, this is usually the computer name. |
| Primary Domain | For large installations and Active Directory-connected computers, the primary domain is where the computer is connected. |
| Title bar | Located at the top of a window, displays the name of the website or application being used. |
| URL | The website address, for example, www.google.com. |
| User | The name of the user inside ActivTrak. |
Operators: This section tells the agent how to look for the keyword in the selected field.
| Contains | The keyword is present somewhere in the field. |
| Does Not Contain | The keyword is NOT present somewhere in the field. |
| Ends with | The keyword is the last part of the string in the field. |
| Equal to | The keyword is exactly what is entered in the field. For example "Google.com" will exclude "www.Google.com". |
| Not Equal to | The keyword does not appear in the way it was entered in the field. |
| Starts with | The keyword appears at the beginning of the string. |
| Greater than | For fields with numerical values. For example, if Duration (seconds) is greater than "10", would tell the Alarm to trigger if a user was active for 11 seconds or longer. |
| Value | The keyword or number that the Alarm is looking for in order to trigger. This can be the website name, username, keyword in a title bar or description, or the time in seconds the user is active on a particular window. |
4. Finally, the Alarm can be toggled to look for the Value to be case sensitive or not.
5. There is also the option to trigger only for specific users, or to tell the Alarm to trigger for everyone except a specific user (for example, someone in Human Resources)
Note: When using conditions that require a change from "Match Any" to "Match All" the following warning will appear:
6. Now that the Conditions are set, it's time to tell the agent what actions to take when the Alarm is triggered.
There are six main actions that can be set:
| Screen Captures | Screen Captures tell the agent to take a screenshot when the alarm is triggered. Advanced accounts have the option to take multiple screenshots at a user-defined interval, with the minimum being 10 seconds. |
| Pop-up Messages | Pop-Up Messages are on-screen notifications administrators can have displayed on the end user's screen if the Alarm is triggered. The message can be custom-tailored to whatever the administrator would like and has the option for pre-filled text. |
| Email Notifications | Email Notifications allow the administrator to be alerted whenever the Alarm triggers. The "To" field can be populated by anyone who is listed inside Account > Access. Just like with Pop Up Messages, the Subject and Email Body field can be prefilled with the fields offered or the administrator can create a custom message. |
| Webhook Notifications | Webhooks allow administrators to integrate ActivTrak alarms into other applications such as Slack or Zapier. Simply plug in the URL generated by the destination application and any additional parameters if needed. |
| Terminate | Activating the Terminate action on an Alarm tells the agent to close the application that triggered that alarm. Using the Facebook example from above, if a user were to open Facebook with this Alarm active, the browser would be closed immediately, including non-Facebook tabs the user may have been using. |
| Alarm Risk Level | This allows administrators to assign a point value to certain alarms, making it easier to detect and quickly analyze certain behaviors. |
7. Be sure to click the green Save button either at the top or bottom of the page!
Alarms Based on System Events such as LOGON
Admins may want to set alarms based off of a system event. A common question is how to set a pop-up to remind users upon login that they are being tracked. This requires both Titlebar and Executable conditions.
1. Go to Alarms > Configuration and then either add a new Activity alarm or edit an existing one.
2. For a pop-up, 'All Users and Computers' must be selected. If a pop-up is not required and an email notification is needed instead for example, specific groups can be selected.
3. Conditions must be set to MATCH ALL. Note: this also means that triggers based on LOGON and LOGOFF will require separate alarms.
4. Add both the Titlebar AND Executable conditions as seen below. In our specific example, the titlebar equals "LOGON" and the executable equals "SYSTEM EVENT".
5. If applicable, toggle the pop-up on and type in the message that should be displayed at login. Or, toggle any other desired action(s) such as screenshot, email, etc. for when the alarm is triggered.
6. Click the green Save button either at the top or bottom of the page, and then make sure the alarm is activated. Enabled alarms will all be toggled blue on the main Alarm Configuration page.
Was this article helpful?
5 out of 14 found this helpful
Comments
No comments