To help us become better, please login to ActivTrak

Log in

Agent Potentially Uninstalled

As part of Release 3.45.0, we have given new accounts a variety of new default alarms that display the full functionality of our alarm capabilities. All existing accounts can also follow this walkthrough to create the same alarm on your own account!

First, go to the Alarms page on the Dashboard and click on Create New Alarm, type in a title such as "Agent Likely Uninstalled" and select Security Audit.

mceclip0.png

Once the new alarm page has been brought up, you will see the title you created in the top left. 

Under conditions, selecting Match Any will trigger the alarm if any of the conditions are met. For this example, we have selected the conditions Description is Equal To "Agent Successfully Uninstalled" as well as Event Name is Equal To UninstallAgentRemotely. These two actions appear in the Security Audit Log and you will be notified if you select to receive an e-mail.

mceclip1.png

Once the conditions have been set properly, actions will become configurable. For a Security Audit Alarm, a screenshot and pop-up message are not configurable as this is reporting based on events that happen to the ActivTrak Web Dashboard. 

mceclip2.png

Once a user has been selected to receive the email notification, an email subject and body will need to be set. We have provided an example for you to copy below. Keep in mind that anything with "$" around it, (For example, $Time$) is a variable, and when the email is sent, it will have this information properly filled out.

Subject:

 $AlarmName$ $Time$ $User$ $Description$

Email Body:

$AlarmName$ fired at $Time$
$User$ potentially removed agents remotely for $ActionData$


Description: $Description$
Event Name: $EventName$
Action Type: $ActionType$

Was this article helpful?
0 out of 0 found this helpful

Tyler Winn
Comments