Manage Notifications

Notifications are managed in the Admin tab. Select a notification and click Edit Notification or Duplicate.

Basic

You can edit the Notification Name and Description fields to make it easier to filter between different notifications.

Notification template

Existing Dynamic Group - An existing Dynamic Group will be used to generate notifications. Select a Dynamic Group from the list and click OK.

Dynamic Group Size Changed According to Compared Group - If the number of clients in a Dynamic Group changes according to a compared group (either static or dynamic), the notification will be invoked.

NOTE

You can assign a notification only to a Dynamic Group where you have sufficient permissions. Dynamic Groups that are outside of your home group will not be visible.

Other Event Log Template

This option is used for notifications not associated with a Dynamic Group, but based on system events filtered out from the event log. Select a log type on which the notification will be based and a logical operator for filters.

Tracked State - This option notifies you of object state changes in relation to your user-defined filters.

NOTE

You can change the tracked state, click + Add Filter, or change the Logical operator for filters.

Configuration

Notify every time the Dynamic Group content changes - Enable this to be notified when members of a Dynamic Group are added, removed or changed. ERA checks the Dynamic Group once every 20 minutes.

Notification time period - Define the time period (in minutes, hours or days) for the comparison with the new state. For example, seven days ago the number of clients with outdated security products was ten and the threshold (see below) was set to 20. If the number of clients with an outdated security product reaches 30, you will be notified.

Threshold - Define a threshold that will trigger the sending of a notification. You can either define a number of clients, or a percentage of clients (members of the Dynamic Group).

Generated message - This is a pre-defined message that will appear in the notification. It contains configured settings in text form.

Message - Besides the pre-defined message, you can add a custom message that will appear at the end of the pre-defined message above. This is optional, but it is recommended for better filtering of notifications and overview.

NOTE

Available options depend on the notification template you select.

Advanced settings - Throttling

Aggregation

Aggregation condition is available only for the following notification templates:

Other Event Log Template

Existing Dynamic Group

Number of ticks to aggregate - This will define how many ticks (trigger hits) are needed in order to activate the trigger. For more specific information, see the Throttling chapter.

Time-based criteria

All of the configured conditions must be fulfilled in order to trigger the task.

Aggregate invocations during time period (T2) - Allow triggering once during the specified time period. If, for example, this is set to ten seconds and during this time ten invocations occur, only the first would trigger the event.

Time ranges (T1) - Allows triggering only within the defined time period. You can add multiple time ranges to the list; they will be sorted chronologically.

Statistical criteria

Statistical criteria application - Statistical conditions can be combined using either the AND logical operator (all conditions must be fulfilled) or the OR logical operator (the first condition fulfilled triggers the action).

Triggered every No of occurrences (S1) - Allows only every x-th trigger hit. For example, if you enter ten, only each tenth triggering will be counted.

No of occurrences within a time period (S2) - Allows only triggering within the defined time period. This will define the minimal frequency of events to trigger the task. For example, you can use this setting to allow the execution of the task if the event is detected 10x in an hour. Firing of the trigger causes a counter reset.

Time period - Define the time period for the option described above.
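The way T2, S1 and S2 interact is easier to judge when run against a stream of trigger hits, which helps when checking that a throttling setup will not suppress notifications you need. The following Python model is an added example, not ERA code: the class and parameter names, the order of evaluation and the reading of S1 as "every n-th hit since the last firing" are assumptions made for illustration, and T1 and S3 are not modelled.

```python
from collections import deque

class Throttle:
    """Simplified model of the T2, S1 and S2 criteria (assumed semantics)."""

    def __init__(self, t2=None, s1=None, s2=None, operator="AND"):
        self.t2 = t2              # T2: seconds during which only one firing is allowed
        self.s1 = s1              # S1: allow only every s1-th trigger hit
        self.s2 = s2              # S2: (number of occurrences, time period in seconds)
        self.operator = operator  # statistical criteria application: "AND" or "OR"
        self.hits = 0             # hits since the last firing (S1 counter)
        self.window = deque()     # hit timestamps still inside the S2 time period
        self.last_fired = None

    def hit(self, ts):
        """Register one trigger hit at time ts (seconds); return True if it fires."""
        self.hits += 1
        stats = []
        if self.s1 is not None:
            stats.append(self.hits % self.s1 == 0)
        if self.s2 is not None:
            count, period = self.s2
            self.window.append(ts)
            while ts - self.window[0] >= period:
                self.window.popleft()
            stats.append(len(self.window) >= count)
        combine = all if self.operator == "AND" else any
        ok = combine(stats) if stats else True
        # Assumption: T2 is checked last and suppressed hits do not reset counters.
        if ok and self.t2 is not None and self.last_fired is not None:
            ok = ts - self.last_fired >= self.t2
        if ok:
            self.last_fired = ts
            self.hits = 0         # firing of the trigger causes a counter reset
            self.window.clear()
        return ok

def fired(throttle, timestamps):
    """Return the timestamps (constructed sample input) at which the model fires."""
    return [ts for ts in timestamps if throttle.hit(ts)]

if __name__ == "__main__":
    # Constructed input: one hit per second for ten seconds, T2 set to ten seconds.
    print(fired(Throttle(t2=10), range(10)))
    # Constructed input: one hit every five minutes, S2 set to 10 occurrences per hour.
    print(fired(Throttle(s2=(10, 3600)), range(0, 6000, 300)))
```

With S2 set to ten occurrences per hour, hits arriving every ten minutes never fire in this model, because no one-hour window ever holds ten of them.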

A third statistical condition (Event log criteria) is available only for Other Event Log Template, which can be set in the Notification template section.

Event log criteria

These criteria are evaluated by ERA as the third statistical criterion (S3). The Statistical criteria application operator (AND / OR) is applied to evaluate all three statistical conditions together. It is recommended to use event log criteria in combination with the Generate Report task. All three fields are required for the criteria to work. The buffer of symbols is reset if the trigger is fired and there is a symbol already in the buffer.

Symbol - According to Log type, which is set in the Trigger menu, you can choose a symbol in the log which you can then search for. Click Change to display the menu. You can remove the selected symbol by clicking Remove.

Number of events with symbol - Enter the integer number of distinct events with the selected symbol to run the task.

Applies when number of events - This sets what type of events would trigger the condition. The available options are:

Received in a Row - Selected number of events must occur in a row. These events must be distinctive.

Received Since Last Trigger Execution - The condition is triggered when the selected number of distinctive events is reached (since last task execution).

Distribution

Subject - The subject of a notification message. This is optional, but also recommended for better filtering, or when creating rules to sort messages.

Distribution

Send SNMP Trap - Sends an SNMP Trap. The SNMP Trap notifies the Server using an unsolicited SNMP message. For more information, see How to configure an SNMP Trap Service.

Send email - Sends an email message based on your email settings.

Send syslog - You can use ERA to send notifications and event messages to your Syslog server. Also, it is possible to export logs from a client's ESET product and send them to the Syslog server.

Email addresses - Enter the email addresses of the recipients of the notification messages; separate multiple addresses with a comma (",").

Syslog severity - Choose the severity level from the drop-down menu. Notifications will then appear with the selected severity on the Syslog server.

Click Finish to create a new template based on the template you are editing. You will be required to enter a name for the new template.