Alarms give administrators a way to capture screenshots or be alerted to specific behaviors on computers running the ActivTrak Agent. Being alerted to these actions make it easy to see what happened and when giving them the tools needed to gain insight into how their team is working.
Using alarms, administrators gain much more flexibility in choosing when screenshots are captured as well as adding more potential reactions to alarm triggers.
To view your Alarms, log into the web app and use the left sidebar to navigate to Alarms
Here you will see any Alarms you have already created as well as the option to add more.
Note: The default Screenshot alarm "Screenshot every 20s", is listed here as well. It can be toggled on and off, but not deleted. This alarm is also available to enable or disable in Screenshots - Configuration.
To start, click on "Create New Alarm" at the top left and you will be presented with a screen asking you to name your new alarm as well as choose what type of alarm you want to create.
There are three types of Alarms:
- Activity: These alarms will be used to capture screenshots and react to employee behavior
- USB: Available on the Advanced plan, these will trigger when a USB storage device is inserted or written to.
- Security Audit: Also available on the Advanced plan, these can be set to trigger when changes are made to the account.
This guide focuses on Activity Alarms.
After naming the alarm and selecting "Activity" the screen will change and you will be prompted to enter in some conditions.
The first task is to add conditions to tell the Alarm when to trigger.
Depending on the goal of the alarm and which triggers will be used, we'll need to tell the alarm to trigger either when ANY of the conditions are met or only if ALL conditions are met.
Next, conditions will need to be added. Alarms function as an IF: THEN statement. If X happens, do Y. Conditions function as the IF part of this equation.
There are three parts to a Condition:
- Field: This section is where the alarm will look to match your conditions.
- Computer: The name of the monitored computer.
- Description: Meta description of the website or application.
- Duration (Sec): How long the user is on that activity.
- Executable: The name of the application or process.
- Private IP Address: The network to which the computer is connected.
- Logon Domain: For large installations and Active Directory connected computers, the primary domain is where the user logs in. For local users, this is usually the computer name. This article explains domains in greater detail.
- Primary Domain: For large installations and Active Directory connected computers, the primary domain is where the computer is connected.
- Titlebar: Located at the top of a window, displays the name of the website or application being used.
- URL: The website address, for example, www.google.com.
- User: The name of the user inside ActivTrak.
- Computer: The name of the monitored computer.
- Operators: This section tells the agent how to look for the keyword in the selected field.
- Contains: The keyword is present somewhere in the field.
- Does Not Contain: The keyword is NOT present somewhere in the field.
- Ends with: The keyword is the last part of the string in the field.
- Equal to: The keyword is exactly what is entered in the field. For example "Google.com" will exclude "www.Google.com".
- Not Equal to: The keyword does not appear in the way it was entered in the field.
- Starts with: The keyword appears at the beginning of the string.
- Greater than: For fields with numerical values. For example, if Duration (seconds) is greater than "10", would tell the Alarm to trigger if a user was active for 11 seconds or longer.
- Value: The keyword or number that the Alarm is looking for in order to trigger. This can be the website name, username, keyword in a title bar or description, or the time in seconds the user is active on a particular window.
Finally, the Alarm can be toggled to look for the Value to be case sensitive or not.
As an example, here is what an Alarm set to trigger when a user goes to Facebook would look like:
If you want to have it trigger only for specific users, you would add the following:
Now if you wanted to tell the Alarm to trigger for everyone except a specific user (for example, someone in Human Resources), we would use the following:
Note: When using conditions that require a change from "Match Any" to "Match All" the following warning will appear:
Now that the Conditions are set, it's time to tell the agent what actions to take when the Alarm is triggered.
There are five main actions that can be set:
- Screen Captures
- Pop-Up Message
- Email Notification
- Webook Notifications
Screen Captures tell the agent to take a screenshot when the alarm is triggered. Advanced accounts have the option to take multiple screenshots at a user-defined interval, with the minimum being 10 seconds.
Pop-Up Messages are on screen notifications administrators can have displayed on the end user's screen if the Alarm is triggered. The message can be custom tailored to whatever the administrator would like and has the option for pre-filled text.
The end user will see a message similar to this on their screen:
Email Notifications allow the administrator to be alerted whenever the Alarm triggers.
The "To" field can be populated by anyone who is listed inside Account > Access.
Just like with Pop Up Messages, the Subject and Email Body field can be prefilled with the fields offered or the administrator can create a custom message.
Webhooks allow administrators to integrate ActivTrak alarms into other applications such as Slack or Zapier.
Simply plug in the URL generated by the destination application and any additional parameters if needed.
Activating the Terminate action on an Alarm tells the agent to close the application that triggered that alarm.
Using the Facebook example from above, if a user were to open Facebook with this Alarm active, the browser would be closed immediately, including non-Facebook tabs the user may have been using.
Lastly, Advanced accounts can have Alarms configured to have an associated Risk Level.
This allows administrators to assign a point value to certain alarms, making it easier to detect and quickly analyze certain behaviors.