Creating Custom Alarms

Alarms give administrators a way to capture screenshots or be alerted to specific behaviors on computers running the ActivTrak Agent. Being alerted to these actions make it easy to see what happened and when giving them the tools needed to gain insight into how their team is working.

View Alarms

Log into the web app and use the left sidebar to navigate to Alarms. Any Alarms that have already been created as well as the option to add more will be here.

Note: The default Screenshot alarm "Screenshot every 20s", is listed here as well. It can be toggled on and off, but not deleted. This alarm is also available to enable or disable in Screenshots - Configuration.

 

Creating a New Alarm

1. To start, click on "Create New Alarm" at the top left and then fill out the prompts in the box asking to name the new alarm as well as choose the type of alarm.

There are three types of Alarms:

Activity These alarms will be used to capture screenshots and react to employee behavior.
USB Available on the Advanced plan, these will trigger when a USB storage device is inserted or written to.
Security Audit Also available on the Advanced plan, these can be set to trigger when changes are made to the account. 

This guide focuses on Activity Alarms.

2. After naming the alarm and selecting "Activity" the screen will change and a prompt to enter in conditions will appear. 

3. Next, conditions will need to be added. Alarms function as an IF: THEN statement. If X happens, do Y. Conditions function as the IF part of this equation.

Depending on the goal of the alarm and which triggers will be used, we'll need to tell the alarm to trigger either when ANY of the conditions are met or only if ALL conditions are met.

There are three parts to a Condition:

Field: This section is where the alarm will look to match the conditions given.

Computer Meta description of the website or application.
Description Meta description of the website or application.
Duration (Sec) How long the user is on that activity.
Executable The name of the application or process.
Private IP Address The network to which the computer is connected.
Logon Domain For large installations and Active Directory connected computers, the primary domain is where the user logs in. For local users, this is usually the computer name. This article explains domains in greater detail. 
Primary Domain For large installations and Active Directory connected computers, the primary domain is where the computer is connected.
Title bar Located at the top of a window, displays the name of the website or application being used.
URL The website address, for example, www.google.com.
User The name of the user inside ActivTrak.

Operators: This section tells the agent how to look for the keyword in the selected field.

Contains The keyword is present somewhere in the field.
Does Not Contain The keyword is NOT present somewhere in the field.
Ends with The keyword is the last part of the string in the field.
Equal to The keyword is exactly what is entered in the field. For example "Google.com" will exclude "www.Google.com".
Not Equal to The keyword does not appear in the way it was entered in the field.
Starts with The keyword appears at the beginning of the string.
Greater than For fields with numerical values. For example, if Duration (seconds) is greater than "10", would tell the Alarm to trigger if a user was active for 11 seconds or longer.
Value The keyword or number that the Alarm is looking for in order to trigger. This can be the website name, username, keyword in a title bar or description, or the time in seconds the user is active on a particular window.

 

4. Finally, the Alarm can be toggled to look for the Value to be case sensitive or not.

5. There is also the option to trigger only for specific users, or to tell the Alarm to trigger for everyone except a specific user (for example, someone in Human Resources)

Note: When using conditions that require a change from "Match Any" to "Match All" the following warning will appear:CCA__.png

6. Now that the Conditions are set, it's time to tell the agent what actions to take when the Alarm is triggered.

There are six main actions that can be set:

Screen Captures Screen Captures tell the agent to take a screenshot when the alarm is triggered. Advanced accounts have the option to take multiple screenshots at a user-defined interval, with the minimum being 10 seconds.
Pop-up Messages Pop-Up Messages are on screen notifications administrators can have displayed on the end user's screen if the Alarm is triggered. The message can be custom tailored to whatever the administrator would like and has the option for pre-filled text.
Email Notifications Email Notifications allow the administrator to be alerted whenever the Alarm triggers.The "To" field can be populated by anyone who is listed inside Account > Access. Just like with Pop Up Messages, the Subject and Email Body field can be prefilled with the fields offered or the administrator can create a custom message.
Webhook Notifications Webhooks allow administrators to integrate ActivTrak alarms into other applications such as Slack or Zapier.Simply plug in the URL generated by the destination application and any additional parameters if needed. 
Terminate Activating the Terminate action on an Alarm tells the agent to close the application that triggered that alarm. Using the Facebook example from above, if a user were to open Facebook with this Alarm active, the browser would be closed immediately, including non-Facebook tabs the user may have been using.
Alarm Risk Level This allows administrators to assign a point value to certain alarms, making it easier to detect and quickly analyze certain behaviors. 

CCA1.gif

Was this article helpful?

2 out of 2 found this helpful

Comments

No comments