Question

Alerting

  • 21 July 2023
  • 3 replies
  • 172 views

Badge

I know this has been a topic for some time, and currently my understanding is that Automox can generate some email alerts, but we want to have more focused alerting integrated with our ITSM system.

We’re currently working on hitting the API to create tickets for things like:

  • Detecting endpoints that have not been connected for X number of days
  • Detecting endpoints that are unmanaged and need to be assigned a policy
  • Detecting policies that have been out of X% compliance for Y number of days 

Some of this can get quite complex as we have to take the X number of days logic outside Automox and therefore have a method of tracking this. For example, if a bunch of new updates are released, we wouldn’t want to alert immediately on a policy being out of compliance; therefore we want to have some level of delay, while still picking up issues where remediation actions may need to be taken to bring a policy back into compliance.

As a managed service provider, going through the dashboard to see this isn’t an efficient or consistent enough process.


3 replies

Userlevel 2

Hello Jeremy,

Currently, the following email alerts can be configured at the user level:

  • Devices Added to Automox
  • Devices Removed from Automox
  • Devices Successfully Patched
  • Devices Failed to Patch
  • Weekly Digest of Automox Activity

There are certainly opportunities where our reports can improve. In the meantime, please consider the following.

To detect/evaluate if a device has not connected in, say, 7 days, you can try the following code in conjunction with this API call:

https://developer.automox.com/openapi/axconsole/operation/getDevices/

# Function to check if a date is more than 7 days ago
function IsMoreThan7DaysAgo($dateTimeString) {
    $dateTime = [System.DateTime]::Parse($dateTimeString)
    $timeDifference = (Get-Date) - $dateTime
    return $timeDifference.TotalDays -gt 7
}

# Example usage
$lastDisconnectTime = "2023-07-12T19:08:27+0000"
if (IsMoreThan7DaysAgo $lastDisconnectTime) {
    Write-Host "The last disconnect time is more than 7 days ago."
} else {
    Write-Host "The last disconnect time is within the last 7 days."
}

That same API call, with the filter managed=0, can be used to detect endpoints that are unmanaged and need to be assigned a policy.

For alerting on non-compliance of devices past X number of days, you can utilize the Pre-Patch Report API call (https://developer.automox.com/openapi/axconsole/operation/getPrePatchReport/) and perform that same calculation as above based on the createTime of the patch.

 

Kind regards.

Badge

Awesome - thanks Elmer. 

We’re also pulling policy data as per the following screenshot and looking to use the following calculation to determine if the policy is within 95% compliance.

if ((non-compliant / (compliant + non-compliant)) < .95)

 

Can you clarify if the pending state is a non-mutually exclusive state, therefore a device can be noncompliant and pending, or compliant and pending?

 

We will have a look at the Pre-patch report. Thanks for that!

 

If you developed some standard alerts on this sort of thing that could also be triggered as webhooks, or queried as APIs, that would be awesome so we could integrate with platforms of our choice. 

 

Thanks

Userlevel 2

A Device can either be ‘Compliant’ (fully patched / no pending patches) or ‘Pending’ (a.k.a. ‘Non-compliant’).
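
The delay logic raised in this thread (open a ticket only when a policy stays below X% compliance for Y days), sketched as an added example that is not from any post or from Automox. It counts Pending as non-compliant, as the last reply states; `Get-ComplianceRatio`, `Update-BreachState`, the `PolicyId`/`Compliant`/`Pending` properties and the state layout are hypothetical names.

```powershell
# Added example. PolicyId/Compliant/Pending and the $State layout are assumed
# names, not Automox API fields; map them from your own API query results.
function Get-ComplianceRatio {
    param([int]$Compliant, [int]$Pending)
    $total = $Compliant + $Pending
    if ($total -eq 0) { return 1.0 }   # empty policy: nothing to be out of compliance
    return $Compliant / $total
}

function Update-BreachState {
    param(
        [hashtable]$State,          # PolicyId -> @{ FirstSeen; Ticketed }, kept between polls
        [object[]]$Snapshots,       # one object per policy from the current poll
        [double]$Threshold = 0.95,  # X: minimum acceptable compliance ratio
        [int]$GraceDays = 3,        # Y: days a breach must persist before a ticket
        [datetime]$Now = (Get-Date).ToUniversalTime()
    )
    $roundTrip = [System.Globalization.DateTimeStyles]::RoundtripKind
    $alerts = @()
    foreach ($s in $Snapshots) {
        $key = [string]$s.PolicyId
        $ratio = Get-ComplianceRatio -Compliant $s.Compliant -Pending $s.Pending
        if ($ratio -ge $Threshold) {
            $State.Remove($key)     # recovered: the next breach starts a fresh timer
            continue
        }
        if (-not $State.ContainsKey($key)) {
            $State[$key] = @{ FirstSeen = $Now.ToString('o'); Ticketed = $false }
        }
        $entry = $State[$key]
        $firstSeen = [datetime]::Parse($entry.FirstSeen, [cultureinfo]::InvariantCulture, $roundTrip)
        $days = ($Now - $firstSeen).TotalDays
        if (($days -ge $GraceDays) -and (-not $entry.Ticketed)) {
            $entry.Ticketed = $true # one ticket per continuous breach
            $alerts += [pscustomobject]@{ PolicyId = $key; Ratio = $ratio; DaysInBreach = $days }
        }
    }
    return $alerts
}

# Constructed sample polls (not real Automox output).
$state = @{}
$day0  = [datetime]::new(2023, 7, 18, 0, 0, 0, [System.DateTimeKind]::Utc)
$poll  = @([pscustomobject]@{ PolicyId = 101; Compliant = 80; Pending = 20 },
           [pscustomobject]@{ PolicyId = 202; Compliant = 99; Pending = 1 })
Update-BreachState -State $state -Snapshots $poll -Now $day0               # day 0: breach starts the timer
Update-BreachState -State $state -Snapshots $poll -Now ($day0.AddDays(3))  # day 3: grace period has elapsed
Update-BreachState -State $state -Snapshots $poll -Now ($day0.AddDays(4))  # day 4: same breach polled again
```

Keep `$state` between scheduled runs so the first-seen time survives; each returned object is what the ITSM ticket call would consume.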
