ESET Online Help

Search
Select the topic

Scan

Create a monitoring policy to monitor the last Scan status of your devices' supported ESET security products. (Optional) Include automatic action as a task to be performed based on the monitoring alert.

1.From the left-hand side menu, click Sites > All Sites and then select the desired site.

2.Click Policies.

datto_policies_01

3.Click the Create Policy button.

4.Type policy Name and Description.

5.Select policy Scope. If you select Site, confirm the desired site name in the search window below.

6.Select policy Type to Monitoring from the drop-down menu.

7.In the Monitors section, click the Add Monitor button.

8.In the Monitor Type section, click the Select button. In the Select a Monitor window, click the Select button next to Component.

9.In the Alert section, click the Select a Component Monitor button.

10. In the Device Monitor Components window, click the Select button next to the desired ESET Direct Endpoint Management - Monitor [XXX] component.


note

OS-specific components

Select a desired operating system component: Windows [WIN], macOS [MAC] or Linux [LIN].

11. In the Configure the Monitor alert criteria for your monitor component, next to Variables, click the check box next to Scan only.

12. Select the User-Defined Field esetProductStatusUDF, esetProtectionStatusUDF, esetProtectDetailsUDF and esetThreatScanStatusUDF you previously configured in the User-Defined Fields from the drop-down menu by mapping the correct field line number.


note

UDF updates

Selecting all User-Defined Fields ensures they are updated on each monitoring run.

13. For the Execute the Component Monitor every (minutes), set the runtime interval in minutes. For example, every 20 minutes.

14. For the Raise an alert of priority, select the desired priority. For example, High.

15. For the Auto resolve the alert if it is no longer applicable, set the desired time interval. For example, After 1 week.


warning

Scan auto-resolution timing

If the scan monitoring is running and detects a scan issue, it will return the monitoring with the issue detected. When you run monitoring again shortly afterward the new scan monitoring run will check only logs since the last monitoring run and will not detect the previous issue again. We recommend setting longer time intervals for auto-resolve scan monitoring.

16. (Optional) You can configure automatic action in a form of task to be performed based on the monitoring alert. In the Response section, click the Run a Component toggle. In the Component Library window, click the Select button next to the desired ESET Direct Endpoint Management - Tasks [XXX] component.


note

OS-specific components

Select a desired operating system component: Windows [WIN], macOS [MAC] or Linux [LIN].

17. Select the desired Task from the drop-down menu. Configure other task variables if necessary, overriding both global and site-specific variables.


example

Example response

For the Scan monitoring alert, configure the Scan task to automatically scan any device without a recent successful scan run.

18. (Optional) Click the Send an email toggle, to send an email alert to one or multiple recipients. Configure the email Subject line and Recipients.

19. (Optional) Click the Send a webhook toggle to send a notification When alert is triggered (by default) or When alert is resolved (optional). Configure the webhook URL, Content Type and the Alert raised payload.

20. Click Add Monitor.


note

Multiple monitors

You can add other monitors to the same policy to perform additional actions. Click the Add Monitor button again.

21. (Optional) In the Targets section, click the Add Target button to specify the target devices for this policy. By default this policy will run on all devices in the selected site (step 5), but you can specify targets further by selecting one of the options from the next window. For example, All Windows Desktops in the selected site.


note

Multiple targets

You can add other targets to the same policy. Click the Add Target button again.

22. (Optional) In the Enabled section click the Disabled button to disable the policy for now. The created policy is enabled by default.

23. Click the Save and deploy now button. In the next window click Confirm.

A short confirmation message, "Policy saved successfully", will appear.