Manage Notifications

Notifications are managed in the Admin tab. Select a notification and click Edit Notification or Duplicate.


icon_section Basic

You can edit a Notification Name and Description to make it easier to filter between different notifications.

icon_section Notification template

Existing Dynamic Group - An existing Dynamic Group will be used to generate notifications. Select a Dynamic Group from the list and click OK.

Dynamic Group Size Changed According to Compared Group - If the number of clients in an observed Dynamic Group changes according to a compared group (either static or dynamic), the notification will be invoked.

Other Event Log Template

This option is used for notifications not associated with a Dynamic Group, but based on system events filtered out from the event log. Select a Log type on which the notification will be based and a Logical operator for filters.

Tracked State - This option notifies you of object state changes in relation to your user-defined filters.


You can change Tracked state and + Add Filter or Logical operator for filters.


icon_section Configuration

Notify every time the Dynamic Group content changes - Enable this to be notified when members of a Dynamic Group are added, removed or changed.

validation-status-icon-warning IMPORTANT

ERA checks the Dynamic Group status once every 20 minutes.

For example, if the first check occurs at 10:00, the other checks are performed at 10:20, 10:40, 11:00. If the Dynamic Group content changes at 10:05 and then changes back at 10:13, during the next check performed at 10:20 ERA does not recognize the previous change and does not notify about it.

Notification time period - Define the time period (in minutes, hours or days) for the comparison with the new state. For example, 7 days ago the number of clients with outdated security products was 10 and the Threshold (see below) was set to 20. If the number of clients with an outdated security product reaches 30, you will be notified.

Threshold - Define a threshold that will trigger the sending of a notification. You can either define a number of clients, or a percentage of clients (members of the Dynamic Group).

Generated message - This is a pre-defined message that will appear in the notification. It contains configured settings in a text form.

Message - Beside the pre-defined message, you can add a custom message (it will appear at the end of the pre-defined message above). This is optional, but it is recommended for better filtering of notifications and overview.


Available options depend on the selected notification template.

icon_section Advanced settings - Throttling

Time-Based Criteria

Specify the Number of ticks to aggregate. This will define how many ticks (trigger hits) are needed in order to activate the trigger. For more specific information, see the Throttling chapter.

Statistical criteria

Statistical criteria application - This option defines the method by which the statistical criteria will be evaluated. Either all of them need to be met (AND), or at least one (OR).

Triggered every No of occurrences - Allow only every X ticks (hits). For example, if you enter 10, only each 10th tick will be counted.

No of occurrences within a time period - Only allow ticks within the defined time period. For example, allow the execution of the task if the event is detected 10x in an hour. Time period - Define the time period for the option described above.

Number of events with symbol - Allow a tick(hit) if X events with the specific symbol are provided. For example, if you enter 10, a tick will be counted for every 10 installations of a certain software. Applies when number of events - Enter a number of events in a row after the last tick to count another tick. For example, enter 10 and a tick will be counted 10 events after the previous tick was counted.

Applies when number of events - The trigger is applied when the ticks are either Received in succession (trigger execution is not taken into account), or Received Since Last Trigger Execution (when the trigger is executed, the number is reset to 0).

icon_section Distribution

Subject - The subject of a notification message. This is optional, but also recommended for better filtering or when creating rules to sort messages.


Send SNMP Trap - Sends an SNMP Trap. The SNMP Trap notifies the Server using an unsolicited SNMP message. For more information, see How to configure an SNMP Trap Service.

Send email - Sends an email message based on your email settings.

Send syslog - You can use ERA to send notifications and event messages to your Syslog server. Also, it is possible to export logs from a client's ESET security product and send them to the Syslog server.

Email addresses - Enter the email addresses of the recipients of the notification messages, separate multiple addresses with a comma (",").

Syslog severity - Choose severity level from the drop-down list. Notifications will then appear with such severity on the Syslog server.

Click Save as to create a new template based on the template you are editing. You will be required to enter a name for the new template.