As part of Release 3.45.0, we have given new accounts a variety of new default alarms that display the full functionality of our alarm capabilities. All existing accounts can also follow this walkthrough to create the same alarm on your own account!
First, go to the Alarms page on the Dashboard and click on Create New Alarm, type in a title such as "Agent Likely Uninstalled" and select Security Audit.
Once the new alarm page has been brought up, you will see the title you created in the top left.
Under conditions, selecting Match Any will trigger the alarm if any of the conditions are met. For this example, we have selected the conditions Description is Equal To "Agent Successfully Uninstalled" as well as Event Name is Equal To UninstallAgentRemotely. These two actions appear in the Security Audit Log and you will be notified if you select to receive an e-mail.
Once the conditions have been set properly, actions will become configurable. For a Security Audit Alarm, a screenshot and pop-up message are not configurable as this is reporting based on events that happen to the ActivTrak Web Dashboard.
Once a user has been selected to receive the email notification, an email subject and body will need to be set. We have provided an example for you to copy below. Keep in mind that anything with "$" around it, (For example, $Time$) is a variable, and when the email is sent, it will have this information properly filled out.
$AlarmName$ $Time$ $User$ $Description$
$AlarmName$ fired at $Time$
$User$ potentially removed agents remotely for $ActionData$
Event Name: $EventName$
Action Type: $ActionType$