Comodo One. Understanding monitors in ITSM

What is ‘Monitoring’ in ITSM profiles?

Monitoring settings allow administrators to define performance and availability conditions for various events and services. For example, you can monitor free disk space, service and web page availability, CPU/RAM usage and more. An alert will be triggered if the conditions are breached. You can also configure procedures to take remedial actions immediately.

How to configure ‘Monitors’ in profiles?

Step 1. Go to Configuration Templates > Profiles and click the profile applied to the device that requires monitoring.

Step 2. Choose ‘Monitoring’ from the ‘Add Profile Section’ drop-down. The ‘Monitoring’ screen will be displayed.

Step 3. Enter the details on the “General” tab as follows:

1. ‘Monitoring Name’ – Enter a name for the monitoring configuration.

2. ‘Description’ – Enter a short description of the monitoring configuration.

3. ‘Trigger alert any’ – Choose one of the drop-down options below:

a. ‘Any of the conditions are met’ – Choose this option if you want an alert when any one of the conditions is satisfied.
b. ‘All of the conditions are met’ – Choose this option if you want an alert when all of the conditions are satisfied.

4. ‘Use alert settings’ – Select the alert settings for this monitor from the search box.

5. ‘Auto Remediation on alert’ – Choose one of the options below:

a. ‘Take no action’ – Select this option if no action needs to be taken on a monitor alert.
b. ‘Run below procedure’ – Select the procedure to run on alert from the search box.

Step 4. Click ‘Add Condition’ and select a condition from the drop-down menu.

1. For example, select the “Ping” condition to monitor the ping status of a host.

Step 5. Fill in the condition details as follows:

1. ‘Host Name’ – Enter the host name or IP address to be checked.

2. ‘Condition’ – Choose one of the options below:

a. ‘is down’ – Select this option to generate an alert when the host is down.
b. ‘is online’ – Select this option to generate an alert when the host is available.

3. ‘During’ – Specify the time period over which the condition is monitored.

a. Select ‘sec’ to monitor the condition for the specified number of seconds.
b. Select ‘min’ to monitor the condition for the specified number of minutes.

4. Click ‘Create’ to save the changes.

Step 6. Repeat step 4 to add additional conditions to the monitoring. All monitor conditions will be listed for each ‘Monitoring’.

Step 7. To remove a monitoring condition, select the check box beside it and click ‘Remove Condition’ at the top.

Step 8. Click ‘Save’ to apply the changes to the monitoring. The monitoring conditions will be applied to all devices to which the current profile is applied.

How to check monitoring logs?

Step 1. To check monitoring logs, go to Devices > Device List and click the device.

Step 2. Navigate to ‘Monitoring logs’ in the device details.

Step 3. Click ‘Details’ to see how many times the monitor has run so far, with the time of each log item, the status of the log and the output of the log (Additional Info).

Note:

  1. If the status column shows OFF, the monitor ran but the threshold level was not reached.
  2. If the status column shows ON, the monitor ran and the threshold level was reached.
  3. ‘Additional Info’ holds the required details. For example, analyzing a sample ‘Additional Info’ result:
    a. RAM Monitor : Threshold is GREATER THAN 75 %- Usage is 90 % AND CPU Monitor : Threshold is GREATER THAN 75 % – Usage is 6 %
    b. We get the following useful details:
      i. Type of monitor: RAM Monitor
      ii. Threshold value: 75%
      iii. Actual usage value: 90%
      iv. Whether the monitor has one or more conditions: 2 conditions (shown by the keyword separator AND)
      v. Which condition triggered the alert: Threshold is GREATER THAN 75 %- Usage is 90 % (the first one)
      vi. Whether any one or all of the conditions must be met: Any one

Step 4: Go to the Tickets tab to find all tickets raised by the monitor.

  1. Use the ticket URL to check the details of the ticket.
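The analysis in the note under Step 3 can be automated when many log entries have to be reviewed. The following is an added example, not Comodo code: it parses an ‘Additional Info’ string of the form quoted above and, combined with the ON/OFF status, infers the any/all trigger mode. Function and field names are this example's own, and only the GREATER THAN operator is taken from the page.

```python
import re

# The sample 'Additional Info' value quoted in the note (it mixes two dash styles).
SAMPLE = ("RAM Monitor : Threshold is GREATER THAN 75 %- Usage is 90 % AND "
          "CPU Monitor : Threshold is GREATER THAN 75 % \u2013 Usage is 6 %")

# One clause: "<monitor> : Threshold is <OPERATOR> <n> <unit> - Usage is <n> <unit>"
CLAUSE_RE = re.compile(
    r"^\s*(?P<monitor>.+?)\s*:\s*Threshold is\s+(?P<op>[A-Z ]+?)\s+"
    r"(?P<threshold>\d+(?:\.\d+)?)\s*(?P<unit>%|MB|GB)?\s*[-\u2013\u2014]\s*"
    r"Usage is\s+(?P<usage>\d+(?:\.\d+)?)\s*(?:%|MB|GB)?\s*$"
)

# Only GREATER THAN appears on the page. Other operator spellings are unknown,
# so such clauses still parse but are reported with breached=None.
COMPARATORS = {"GREATER THAN": lambda usage, threshold: usage > threshold}


def parse_additional_info(text):
    """Split on the AND separator and return one dict per condition."""
    conditions = []
    for clause in re.split(r"\s+AND\s+", text.strip()):
        match = CLAUSE_RE.match(clause)
        if match is None:
            raise ValueError("unrecognised clause: %r" % clause)
        operator = " ".join(match.group("op").split())
        threshold = float(match.group("threshold"))
        usage = float(match.group("usage"))
        compare = COMPARATORS.get(operator)
        conditions.append({
            "monitor": match.group("monitor"),
            "operator": operator,
            "threshold": threshold,
            "usage": usage,
            "unit": match.group("unit") or "",
            "breached": compare(usage, threshold) if compare else None,
        })
    return conditions


def infer_trigger_mode(status_on, conditions):
    """Infer 'any' or 'all' from the log status (ON = threshold reached).

    Only a partially breached set of conditions reveals the mode: ON means one
    breach was enough ('any'), OFF means one breach was not enough ('all').
    """
    flags = [c["breached"] for c in conditions]
    if None in flags or len(flags) < 2:
        return "undetermined"
    hits = sum(flags)
    if hits == 0:
        return "inconsistent" if status_on else "undetermined"
    if hits == len(flags):
        return "undetermined" if status_on else "inconsistent"
    return "any" if status_on else "all"


if __name__ == "__main__":
    parsed = parse_additional_info(SAMPLE)
    for cond in parsed:
        print("%(monitor)s: usage %(usage)s vs %(operator)s %(threshold)s%(unit)s "
              "-> breached=%(breached)s" % cond)
    print("trigger mode with status ON:", infer_trigger_mode(True, parsed))
```

An "inconsistent" result means the logged status does not match the values in ‘Additional Info’, which is worth a closer look at that log entry.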

How to monitor CPU/RAM/Network performance in devices?

The performance monitor checks the CPU, RAM and network usage on devices and triggers an alert if the conditions are met.

Step 1. Go to Configuration Templates > Profiles and click the profile applied to your devices.

Step 2. i. If the profile already has a monitoring configuration, go to Step 3.

ii. To create a monitoring configuration, add the monitoring component from ‘Add profile option’ and configure the monitoring settings.

Step 3. Navigate to the Monitoring tab and click the monitoring name that requires changes.

Step 4. Click the ‘Edit’ button and enter the details on the “General” tab as follows:

1. ‘Monitoring Name’ – Enter a name for the monitoring configuration.

2. ‘Description’ – Enter a short description of the monitoring configuration.

3. ‘Trigger alert any’ – Choose one of the drop-down options below:

a. ‘Any of the conditions are met’ – Choose this option if you want an alert when any one of the conditions is satisfied.
b. ‘All of the conditions are met’ – Choose this option if you want an alert when all of the conditions are satisfied.

4. ‘Use alert settings’ – Select the alert settings for this monitor from the search box.

5. ‘Auto Remediation on alert’ – Choose one of the options below:

a. ‘Take no action’ – Select this option if no action needs to be taken on a monitor alert.
b. ‘Run below procedure’ – Select the procedure to run on alert from the search box.

Step 5. Click ‘Add Condition’ and select the ‘Performance’ condition from the drop-down.

Step 6. Add monitoring conditions for CPU, RAM or network to the profile as follows:

1. ‘Parameter usage’ – Select one of the options below:

a. Select ‘CPU Usage’ to monitor CPU performance over the given time period. This parameter is measured in percentage units.
b. Select ‘RAM Usage’ to monitor RAM usage over the given time period. This parameter can be measured in percentage, megabyte or gigabyte units.
c. Select ‘Network Usage’ to monitor network usage over the given time period. This parameter is measured in percentage units.

2. ‘Condition’ – Select one of the options below:

a. More than – Triggers an alert if the parameter exceeds the specified value.
b. Equals to – Triggers an alert if the parameter equals the specified value.
c. Less than – Triggers an alert if the parameter falls below the specified value.
d. More than or equals to – Triggers an alert if the parameter equals or exceeds the specified value.
e. Less than or equals to – Triggers an alert if the parameter equals or falls below the specified value.

3. ‘Value’ – Specify the threshold value for the parameter in the desired units. The value must be numeric.

a. % – Select % to evaluate the condition in percentage units.
b. GB – Select GB to evaluate the condition in gigabyte units.
c. MB – Select MB to evaluate the condition in megabyte units.

4. ‘During’ – Specify the time period over which the condition is monitored.

a. Select ‘sec’ to monitor the condition for the specified number of seconds.
b. Select ‘min’ to monitor the condition for the specified number of minutes.

5. Example: to monitor RAM usage of more than 600 MB over a 10-minute interval,

a. Select the ‘RAM usage’ option under parameter.
b. Choose the condition ‘More than or equals to’.
c. Enter 600 as the value and choose ‘MB’ as the value type.

6. Click ‘Create’ to save the monitor condition.

Step 7. The monitoring parameters added to the profile will be listed.

Step 8. Click ‘Save’ to apply the changes to the monitoring. The monitoring conditions will be applied to all devices to which the current profile is applied.

How to Monitor Processes in devices?

Step 1: Go to ITSM > Configuration Templates > Profiles

Step 2: Choose an existing profile, or create a new profile and continue.

Step 3: Select ‘Monitoring’ from ‘Add Profile Section’.

Step 4: Fill in the form on the General tab.

1. Enter a name in ‘Monitoring Name’. Example: Monitor RMM

2. Enter a description in ‘Description’. Example: This setup monitors process of rmm.exe of the target computer

3. Choose one option from ‘Trigger an alert if’:

a. Select ‘Any of the conditions are met’ to trigger an alert when any condition becomes true.
b. Select ‘All of the conditions are met’ to trigger an alert when all conditions become true.

4. Type and select a custom alert in ‘Use Alert Settings’ if you want to be alerted according to an existing setting; otherwise leave it blank. Example: TriggerAtMonitoringProcess

a. If the expected alert has not been created yet, create a new alert and continue.

5. Select one option from ‘Auto Remediation on alert’:

a. Select ‘Take no action’ if no action should be taken on the alert.
b. Select ‘Run below procedure’, then type the script name and select the appropriate script, if you want the alert to be fixed automatically. Example: Get Running Tasks from Task Scheduler

Step 5: Select the ‘Conditions’ tab.

Step 6: Select ‘Process’ from the ‘Add Condition’ button.

Step 7: Fill in the pop-up form that loads.

1. Enter the process name. Example: rmm.exe

2. Choose a condition from the list:

a. Select ‘is running?’ if you want to monitor a running process.
b. Select ‘is not running?’ if you want to monitor a process that is not running.

3. Click the ‘Create’ button to submit the form.
Repeat steps 6 and 7 to create monitors for multiple processes.

Step 8: Click ‘Save’ button to save the Monitoring Settings.

Step 9: Go to ITSM > Devices > Device List.

Step 10: Select any Device from the list.

Step 11: Click Manage Profiles

Step 12: Click Add Profiles

Step 13: Choose the profile created for monitoring processes and save the changes. Example: MonitorProcesses

How to Monitor Events in Devices?

Step 1: Go to ITSM > Configuration Templates > Profiles.

Step 2: Choose an existing profile, or create a new profile and continue.

Step 3: Select ‘Monitoring’ from ‘Add Profile Section’.

Step 4: Fill in the form on the General tab.

1. Enter a name in ‘Monitoring Name’. Example: Monitor Events

2. Enter a description in ‘Description’. Example: This setup monitors Events of the target computer

3. Choose one option from ‘Trigger an alert if’:

a. Select ‘Any of the conditions are met’ to trigger an alert when any condition becomes true.
b. Select ‘All of the conditions are met’ to trigger an alert when all conditions become true.

4. Type and select a custom alert in ‘Use Alert Settings’ if you want to be alerted according to an existing setting; otherwise leave it blank. Example: TriggerAtMonitoringEvents

a. If the expected alert has not been created yet, create a new alert and continue.

5. Select one option from ‘Auto Remediation on alert’:

a. Select ‘Take no action’ if no action should be taken on the alert.
b. Select ‘Run below procedure’, then type the script name and select the appropriate script, if you want the alert to be fixed automatically. Example: Get Running Events

Step 5: Select the ‘Conditions’ tab.

Step 6: Select ‘Event’ from the ‘Add Condition’ button.

Step 7: Fill in the pop-up form that loads.

1. Select Event ID, Level or Source from ‘Parameter’.

2. For Event ID:

a. Enter the ID value in ‘Value is equal to’. Example: 12345

3. For Level:

a. Choose a level (Critical Error, Error, Warning, Information or Verbose) in ‘Value is equal to’. Example: Critical Error

4. For Source:

a. Enter the source value in ‘Value is equal to’. Example: wininit

5. Click the ‘Create’ button.
Repeat steps 6 and 7 to create monitors for multiple events.

Step 8: Save the monitoring.

Step 9: Go to ITSM > Devices > Device List.

Step 10: Select any Device from the list

Step 11: Click Manage Profiles.

Step 12: Click Add Profiles

Step 13: Choose the profile created for monitoring events and save the changes. Example: Monitor Events

How to monitor a TCP connection from Devices?

Step 1: Go to ITSM > Configuration Templates > Profiles.

Step 2: Choose an existing profile, or create a new profile and continue.

Step 3: Select ‘Monitoring’ from ‘Add Profile Section’.

Step 4: Fill in the form on the General tab.

1. Enter a name in ‘Monitoring Name’. Example: Monitor TCP Connection

2. Enter a description in ‘Description’. Example: This setup monitors TCP Connection of the target computer

3. Choose one option from ‘Trigger an alert if’:

a. Select ‘Any of the conditions are met’ to trigger an alert when any condition becomes true.
b. Select ‘All of the conditions are met’ to trigger an alert when all conditions become true.

4. Type and select a custom alert in ‘Use Alert Settings’ if you want to be alerted according to an existing setting; otherwise leave it blank. Example: TriggerAtMonitoringTCPConnection

a. If the expected alert has not been created yet, create a new alert and continue.

5. Select one option from ‘Auto Remediation on alert’:

a. Select ‘Take no action’ if no action should be taken on the alert.
b. Select ‘Run below procedure’, then type the script name and select the appropriate script, if you want the alert to be fixed automatically. Example: Get Running TCP Connections

Step 5: Select the ‘Conditions’ tab.

Step 6: Select ‘TCP’ from the ‘Add Condition’ button.

Step 7: Fill in the pop-up form that loads.

1. Select Hostname or IP Address from ‘Parameter’.

2. Enter the value in ‘Is Equal to’. Example: 10.109.51.125

3. Enter the port number in ‘Port’. Example: 2424

4. Select one option from ‘Condition’:

a. Is Open
b. Is Closed

5. Enter the required number of seconds or minutes in ‘During’.

a. Select ‘sec’ or ‘min’ as the unit for the ‘During’ value. Example: 5 sec

6. Click the ‘Create’ button.
Repeat steps 6 and 7 to create monitors for multiple TCP connections.

Step 8: Save the monitoring.

Step 9: Go to ITSM > Devices > Device List.

Step 10: Select any Device from the list.

Step 11: Click Manage Profiles.

Step 12: Click Add Profiles.

Step 13: Choose the profile created for monitoring TCP connections and save the changes. Example: Monitor TCP

How to Monitor content of a web page from Devices?

Step 1: Go to ITSM > Configuration Templates > Profiles.

Step 2: Choose an existing profile, or create a new profile and continue.

Step 3: Select ‘Monitoring’ from ‘Add Profile Section’.

Step 4: Fill in the form on the General tab.

1. Enter a name in ‘Monitoring Name’. Example: Monitor a Web Page

2. Enter a description in ‘Description’. Example: This setup monitors a Web Page from the target computer

3. Choose one option from ‘Trigger an alert if’:

a. Select ‘Any of the conditions are met’ to trigger an alert when any condition becomes true.
b. Select ‘All of the conditions are met’ to trigger an alert when all conditions become true.

4. Type and select a custom alert in ‘Use Alert Settings’ if you want to be alerted according to an existing setting; otherwise leave it blank. Example: TriggerAtMonitoringWebPage

a. If the expected alert has not been created yet, create a new alert and continue.

5. Select one option from ‘Auto Remediation on alert’:

a. Select ‘Take no action’ if no action should be taken on the alert.
b. Select ‘Run below procedure’, then type the script name and select the appropriate script, if you want the alert to be fixed automatically. Example: Get Running Web Page

Step 5: Select the ‘Conditions’ tab.

Step 6: Select ‘Web Page’ from the ‘Add Condition’ button.

Step 7: Fill in the pop-up form.

1. Enter the web page URL in ‘URL’. Example: https://technet.microsoft.com/en-us/security/bulletins.aspx

2. Select equals, not equals, contains or not contains from ‘Condition’. Example: Contains

3. Enter the content in ‘Content’. Example: 3198467

4. Enter the required number of seconds or minutes in ‘During’. Example: 5

a. Select sec or min from the list box. Example: sec

5. Click the ‘Create’ button.
Repeat steps 6 and 7 to create monitors for multiple web pages.

Step 8: Save the monitoring.

Step 9: Go to ITSM > Devices > Device List

Step 10: Select any Device from the list

Step 11: Click Manage Profiles.

Step 12: Click Add Profiles.

Step 13: Choose the profile created for monitoring web pages and save the changes. Example: Monitor Web Page

How to monitor File Size in devices?

Monitors changes in the size of a file and triggers an alert when the specified conditions are met.

Step 1: To set monitoring, go to ITSM -> Configuration Templates and click Profiles.

Step 2: Choose the profile of your device from the list. If the profile does not exist, create a new profile and continue.

Step 3: Follow the options below:

1. Add the Monitoring column by clicking “Add a Profile Section” -> Monitoring.

2. Go to the Monitoring tab -> “Add Monitoring” and enter the name for the monitoring and its description in their respective fields.

Step 4: Go to the “General” tab and configure the alert settings as follows:

1. Choose the desired option from the “Trigger an alert if” drop-down:

a. Any of the conditions are met – the alert triggers when any one of the conditions you have specified is met.
b. All of the conditions are met – the alert triggers when all of the conditions you have specified are met.

2. Apply the custom alert created for the monitoring using “Use Alert Setting”. Example: File size.

3. Under ‘Auto remediation alert’, the technician can set the remedy action for the triggered alert by choosing either “Take no action” or “Run below procedure”.

a. Take no action – No remedy action is defined for the triggered alert.

b. Run Below Procedure – Assign a procedure as the remedy for the triggered alert by entering its name in the respective field. Example: Clean Up Downloads folder in all User Accounts.

Step 5: After configuring the General tab, go to the “Condition” tab. To add a condition for monitoring the file size on devices, follow the steps below:

1. Click “Add Condition” and select File size.

2. Enter the file path. Example: C:/Users/Root/Downloads/instalwin.log

3. Set the condition:

a. Less than – The alert triggers when the file size is less than the specified value.
b. Equal to – The alert triggers when the file size is equal to the specified value.
c. Greater than – The alert triggers when the file size is greater than the specified value.

4. Value – Enter the maximum or minimum file size. Example: 55 KB / 55 MB / 55 GB
Step 6: Click ‘Create’ and the monitoring parameters will be listed.

Step 7: Click ‘Save’ to apply changes.

Step 8: Go to Devices -> Device List.

Step 9: Select a Device. Go to Manage Profiles -> Add profiles -> select a profile name and save.

How to Monitor Folder size in Devices? 

Monitors changes in the size of a folder and triggers an alert when the specified conditions are met.

Step 1: To set monitoring, go to ITSM -> Configuration Templates -> Profiles.

Step 2: Choose the profile of your device. If the profile does not exist, create a new profile and continue.

Step 3: Follow the options below:

1. Add the Monitoring column by clicking “Add a Profile Section” -> Monitoring.

2. Go to the Monitoring tab -> “Add Monitoring” and enter the name for the monitoring and its description in their respective fields.

Step 4: Go to the “General” tab and configure the alert settings as follows:

1. Choose the desired option from the “Trigger an alert if” drop-down:

a. Any of the conditions are met – the alert triggers when any one of the conditions you have specified is met.
b. All of the conditions are met – the alert triggers when all of the conditions you have specified are met.

2. Apply the custom alert created for the monitoring using “Use Alert Setting”. Example: Folder size.

3. Under ‘Auto remediation alert’, the technician can set the remedy action for the triggered alert by choosing either “Take no action” or “Run below procedure”.

a. Take no action – No remedy action is defined for the triggered alert.
b. Run Below Procedure – Assign a procedure as the remedy for the triggered alert by entering its name in the respective field. Example: Clean Up Downloads folder in all User Accounts.

Step 5: After configuring the General tab, go to the “Condition” tab. To add a condition for monitoring the folder size on devices, follow the steps below:

1. Click “Add Condition” and select Folder size.

2. Enter the folder path. Example: C:/Users/Root/Downloads

3. Set one of the conditions:

a. Less than – The alert triggers when the folder size is less than the specified value.
b. Equal to – The alert triggers when the folder size is equal to the specified value.
c. Greater than – The alert triggers when the folder size is greater than the specified value.

4. Value – Enter the maximum or minimum folder size in KB, MB or GB. Example: 1000 MB

Step 6: Click ‘Create’ and the monitoring parameters will be listed.

Step 7: Click ‘Save’ to apply changes.

Step 8: Go to Devices -> Device List.

Step 9: Select a device. Go to Manage Profiles -> Add profiles -> select a profile name and save.

How to Monitor Disk Free space in devices?

Monitors changes in the available free space on the disk and triggers an alert when the specified conditions are met.

Step 1: To set monitoring, go to ITSM -> Configuration Templates -> Profiles.

Step 2: Choose the profile of your device. If the profile does not exist, create a new profile and continue.

Step 3: Follow the options below:

1. Add the Monitoring column by clicking “Add a Profile Section” -> Monitoring.

2. Go to the Monitoring tab -> “Add Monitoring” and enter the name for the monitoring and its description in their respective fields.

Step 4: Go to the “General” tab and configure the alert settings as follows:

1. Choose the desired option from the “Trigger an alert if” drop-down:

a. Any of the conditions are met – the alert triggers when any one of the conditions you have specified is met.
b. All of the conditions are met – the alert triggers when all of the conditions you have specified are met.

2. Apply the custom alert created for the monitoring using “Use Alert Setting”. Example: Free disk space.

3. Under ‘Auto remediation alert’, the technician can set the remedy action for the triggered alert by choosing either “Take no action” or “Run below procedure”.

a. Take no action – No remedy action is defined for the triggered alert.
b. Run Below Procedure – Assign a procedure as the remedy for the triggered alert by entering its name in the respective field. Example: Clean Up Downloads folder in all User Accounts.

Step 5: After configuring the General tab, go to the “Condition” tab. To add a condition for monitoring the free disk space on devices, follow the steps below:

1. Click “Add Condition” and select Disk.

2. Select the parameter:

a. Free space left on system drive – The alert triggers when the free space left on the system drive meets the specified condition.
b. Free space left on all drives – The alert triggers when the free space left on all drives meets the specified condition.
c. Free space change on system drive – The alert triggers when the change in free space on the system drive meets the specified condition.

3. Set the condition:

a. More than – Triggers an alert if the parameter exceeds the specified value.
b. Equals to – Triggers an alert if the parameter equals the specified value.
c. Less than – Triggers an alert if the parameter falls below the specified value.
d. More than or equals to – Triggers an alert if the parameter equals or exceeds the specified value.
e. Less than or equals to – Triggers an alert if the parameter equals or falls below the specified value.

4. Value – Enter the maximum or minimum value. Example: 55 KB / 55 MB / 55 GB

Step 6: Click ‘Create’ and the monitoring parameters will be listed.

Step 7: Click ‘Save’ to apply changes.

Step 8: Go to Devices -> Device List.

Step 9: Select a device. Go to Manage Profiles -> Add profiles -> select a profile name and save.

How to monitor Services in devices?

Monitors the state of a service and triggers an alert when the specified conditions are met.

Step 1: To set monitoring, go to ITSM -> Configuration Templates -> Profiles.

Step 2: Choose the profile of your device. If the profile does not exist, create a new profile and continue.

Step 3: Follow the options below:

1. Add the Monitoring column by clicking “Add a Profile Section” -> Monitoring.

2. Go to the Monitoring tab -> “Add Monitoring” and enter the name for the monitoring and its description in their respective fields.

Step 4: Go to the “General” tab and configure the alert settings as follows:

1. Choose the desired option from the “Trigger an alert if” drop-down:

a. Any of the conditions are met – the alert triggers when any one of the conditions you have specified is met.
b. All of the conditions are met – the alert triggers when all of the conditions you have specified are met.

2. Apply the custom alert created for the monitoring using “Use Alert Setting”. Example: Services.

3. Under ‘Auto remediation alert’, the technician can set the remedy action for the triggered alert by choosing either “Take no action” or “Run below procedure”.

a. Take no action – No remedy action is defined for the triggered alert.
b. Run Below Procedure – Assign a procedure as the remedy for the triggered alert by entering its name in the respective field. Example: Clean Up Downloads folder in all User Accounts.

Step 5: After configuring the General tab, go to the “Condition” tab. To add a condition for monitoring a service on devices, follow the steps below:

1. Click “Add Condition” and select Service.

2. Enter service name – Enter the name of the service you want to monitor. Example: Parameter = CesmAgentService

3. Set the condition:

a. Is Running – The alert is triggered when the service is in the running state.
b. Is Not Running – The alert is triggered when the service is not running. Example: Condition = Is Not Running

Step 6: Submit the parameters by clicking the ‘Create’ button.

Step 7: Click the ‘Save’ button.

Step 8: Go to Devices -> Device List.

Step 9: Select a device. Go to Manage Profiles -> Add profiles -> select a profile name and click the Save icon.

How to monitor Ping in devices?

Step 1: To set monitoring, go to ITSM -> Configuration Templates -> Profiles.

Step 2: Choose the profile of your device. If the profile does not exist, create a new one. Example: Monitor Processes.

Step 3: Follow the options below:

1. Add the Monitoring column by clicking “Add a Profile Section” -> Monitoring.

2. Go to the Monitoring tab -> “Add Monitoring” and enter the name for the monitoring and its description in their respective fields.

Step 4: Go to the “General” tab and configure the alert settings as follows:

1. Choose the desired option from the “Trigger an alert if” drop-down:

a. Any of the conditions are met – the alert triggers when any one of the conditions you have specified is met.
b. All of the conditions are met – the alert triggers when all of the conditions you have specified are met.

2. Apply the custom alert created for the monitoring using “Use Alert Setting”. Example: Ping

3. Under ‘Auto remediation alert’, the technician can set the remedy action for the triggered alert by choosing either “Take no action” or “Run below procedure”.

a. Take no action – No remedy action is defined for the triggered alert.
b. Run Below Procedure – Assign a procedure as the remedy for the triggered alert by entering its name in the respective field. Example: Clean Up Downloads folder in all User Accounts.

Step 5: After configuring the General tab, go to the “Condition” tab. To add a condition for monitoring ping on devices, follow the steps below:

1. Click “Add Condition” and select Ping.

2. Enter the host name. Example: 10.108.51.125

3. Set the conditions:

a. Is Down – The alert is triggered when the system goes down.
b. Is Online – The alert is triggered when the system comes online.
c. During – Define the time limit. Example: 5 mins / 5 sec

Step 6: Click ‘Create’ and the monitoring parameters will be listed.

Step 7: Click ‘Save’ to apply changes.

Step 8: Go to Devices -> Device List.

Step 9: Select a device. Go to Manage Profiles -> Add profiles -> select a profile name and save.

How to monitor online/offline status of devices

The availability of a device can be tracked by setting the “Device status” monitor in ITSM. This monitor lets the user check whether a device has been connected or disconnected for a certain amount of time. If the condition is met, the user is notified with an alert. In addition to triggering an alert, a procedure can be called automatically as a remedy.

Use cases:

Device online status can be checked for the devices of sales representatives who use their devices for a limited period of time.
Device offline status can be checked for server devices that are meant to be always up.

Step 1: To set monitoring, go to the ITSM -> Configuration Templates -> “Profiles” menu and open the “Profiles” tab.

Step 2: Choose a profile applied to the devices that require monitoring of online/offline status. Example: Standard Updates Management Profile.

Step 3: Add a Device Status ‘Monitoring’ to the profile as described in the steps below:

  i. Add a monitoring column to the profile by clicking “Add a Profile Section” -> ‘Monitoring’.
  ii. Go to the ‘Monitoring’ tab -> “Add Monitoring” and enter the name for the monitoring and its description in their respective fields.

Step 4: Go to the “General” tab and configure the alert settings as follows:

  1. Choose the desired option from the “Trigger an alert if” drop-down:
    i. Any of the conditions are met – the alert triggers when any one of the conditions you have specified is met.
    ii. All of the conditions are met – the alert triggers when all of the conditions you have specified are met.
    Example: All of the conditions are met
  2. Apply the custom alert created for the monitoring using “Use Alert Setting”.
    Example: Sales department alert
  3. Under ‘Auto remediation alert’, the technician can set the remedy action for the triggered alert by choosing either “Take no action” or “Run below procedure”.
    i. Take no action – No remedy action is defined for the triggered alert.
    ii. Run Below Procedure – Assign an existing procedure as the remedy for the triggered alert by entering its name in the respective field.
    Example: Send notification to logged in user

Step 5: After configuring the General tab, go to the “Condition” tab and follow the steps below:
Click the “Add Condition” button and select Device Status from the drop-down.
In the ‘Add Condition’ dialog box, set the conditions and click the ‘Create’ button.

    i. Device is Online – Select this option to check whether the device is online.
    ii. Device is Offline – Select this option to check whether the device is offline.
    iii. Period – Enter the time period in the text box.
    Example:
    Condition: Device is offline.
    Period: 30 Min.

      If the device is offline for more than the defined time period, the alert will be triggered.

Step 6: Click the ‘Save’ button to apply the changes to the monitoring.

The created ‘Monitoring’ will be listed.

How to use custom script procedure monitoring

The “Custom script” condition, now available in “Monitoring”, lets you receive an alert based on your own conditions. You create your own custom script for monitoring; it alerts you if the condition is met and also generates tickets.

Note: Other custom scripts are available on the following web page (https://forum.mspconsortium.com/forum/script-library/11468-script-monitors-index-page)

Step 1: Go to ‘Configuration Templates’ > ‘Profiles’ > click “Profile” applied to device that requires monitoring.

Step 2: Choose ‘Monitoring’ from the ‘Add Profile Section’ drop-down. The ‘Monitoring’ screen will be displayed.

Step 3. Enter details for the “General” tab as below:

  • a. ‘Monitoring Name’ – Enter a name for the monitoring configuration.
  • b. ‘Description’ – Describe your monitoring configuration in a few words.
  • c. ‘Trigger alert any’ – Choose one of the following drop-down options:
    • ‘Any of the conditions are met’ – Choose this option if you want an alert when any one of the conditions is satisfied.
    • ‘All of the conditions are met’ – Choose this option if you want an alert when all of the conditions are satisfied.
  • d. ‘Use alert settings’ – Select the “Alert settings” to use for this monitor from the search box.

Step 4. Click ‘Add Condition’ and select a condition from the drop-down menu:

  • 1. Select the “Custom script” condition to monitor.

Step 5. Fill in the conditions for the custom script:

  • 1. Script name – Enter the name of the script.
  • 2. Description – Describe your monitoring in a few words.
  • 3. Check Period – Specify the time period for which the condition is to be monitored.
  • 4. Note – Please read the instructions carefully.
    • a. Write your code in the box below without disturbing the default code.
    • b. To run as a custom monitor, a script has the “alert” function definition by default. Check the example script.
    • c. To trigger an alert based on a condition, call the “alert” function with the argument “1”, i.e. “alert(1)”.
    • d. To disable the alert based on a condition, call the “alert” function with the argument “0”, i.e. “alert(0)”.
    • e. Please do not disturb the default function definitions of “alert()” and “check UAC” in the code below.
  • 5. Customize your code to generate the alert.

The code below should not be changed:

    import os
    import sys
    import _winreg

    def alert(arg):
        sys.stderr.write("%d%d%d" % (arg, arg, arg))

    # Please use "alert(1)" to turn on the monitor (trigger an alert)
    # Please use "alert(0)" to turn off the monitor (disable an alert)
    # Please do not change above block and write your script below

Here is a sample script that generates an alert with a custom script.

Reference: You can refer to the sample code below.

    import sys
    import _winreg
    import os
    import re
    import socket

    def alert(arg):
        sys.stderr.write("%d%d%d" % (arg, arg, arg))

    def information():
        # Logged-in user name, printed under the PC-NAME label
        name = os.environ['username']
        print 'PC-NAME : ' + name
        # connect() on a UDP socket sends no packet; it only selects the local address
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.connect(("8.8.8.8", 80))
        print "IP-ADDRESS : " + (s.getsockname()[0])
        s.close()
        # Ask the Windows license manager for the activation status
        os.chdir("c:\\windows\\system32")
        out = os.popen("cscript slmgr.vbs -dli").read()
        licensed = re.findall('Licensed', out)
        days_left = re.findall(r'([0-9]{2}\sday.*)', out)
        err_f056 = re.findall('0xC004F056', out)
        err_f034 = re.findall('0xC004F034', out)
        if licensed:
            print "Your windows is Activated."
            alert(0)
        if days_left:
            print ''.join(days_left) + 'Left to expire your windows,Please Activate it.'
            alert(1)
        if err_f056:
            print "You need to Activate your windows."
            alert(1)
        if err_f034:
            print "you need to Activate your windows."
            alert(1)

    information()

Step 6: Click “Save” to save your custom script.

Step 7. Go to ITSM → ‘Devices’ → ‘Device List’ and click the “Device Management” tab. From the list, select the device whose log files you want to see.

Step 8: Click “Associated Profiles”.

  • a. Profiles are listed here with their name, the source of the association, and information about the association.
  • b. If the status is “successfully processed”, go to the next step to see the logs; otherwise, check the profile for mistakes and correct them.

Step 9:

  • 1. Click the “Logs” tab.
  • 2. Click the “Monitoring logs” tab. The triggered alerts are listed here with the following details: monitor name, status, hits count (24H period), last hit time, last update time and details.
    • a. Click on details.
    • b. You can see your custom script statuses with additional information.
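A second custom script monitor written against the alert() contract from Step 5, added here as an example (it is not Comodo's code): it alerts when any Windows Firewall profile is off, fails closed when the state cannot be read, and calls alert() exactly once per run. The function names, the `netsh advfirewall show allprofiles state` check and the sample output are assumptions for illustration; English netsh output is assumed, and the syntax is kept compatible with the Python 2 style of the page's template.

```python
import os
import re
import subprocess
import sys

def alert(arg):
    # Same contract as the default header: "111" raises the alert, "000" clears it.
    sys.stderr.write("%d%d%d" % (arg, arg, arg))

# Constructed sample of English `netsh advfirewall show allprofiles state` output.
SAMPLE_OUTPUT = """
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Ok.
"""

EXPECTED_PROFILES = ("Domain", "Private", "Public")
PROFILE_RE = re.compile(r"^(\w+) Profile Settings:$")
STATE_RE = re.compile(r"^State\s+(ON|OFF)$")

def firewall_states(text):
    """Parse netsh output into {profile: 'ON' | 'OFF'}."""
    states, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        profile = PROFILE_RE.match(line)
        state = STATE_RE.match(line)
        if profile:
            current = profile.group(1)
        elif state and current:
            states[current] = state.group(1)
    return states

def decide(text):
    """Return (alert_code, message); output that cannot be parsed fails closed."""
    states = firewall_states(text)
    missing = [p for p in EXPECTED_PROFILES if p not in states]
    if missing:
        return 1, "Firewall state unknown for: " + ", ".join(missing)
    off = [p for p in EXPECTED_PROFILES if states[p] == "OFF"]
    if off:
        return 1, "Firewall is OFF for: " + ", ".join(off)
    return 0, "Firewall is ON for all profiles"

def run_monitor():
    try:
        out = subprocess.check_output(
            ["netsh", "advfirewall", "show", "allprofiles", "state"])
        if isinstance(out, bytes):
            out = out.decode("utf-8", "replace")
    except (OSError, subprocess.CalledProcessError):
        out = ""  # treated as "state unknown" by decide()
    code, message = decide(out)
    print(message)  # human-readable status, like the prints in the page's sample
    alert(code)     # exactly one alert() call per run
    return code

if os.name == "nt":  # the check only runs on a Windows endpoint
    run_monitor()
```

In the ITSM editor the default header (imports and alert()) stays untouched and only the part below it is pasted.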

Source: https://blog.comodo.com/it-management/comodo-one-understanding-monitors-itsm/

Cyber Security

IOTW: Despite Patch, Zerologon Attack Still A Big Deal


A known Windows vulnerability is detected alive and well thanks to one man’s honeypot experiment.

Facts

Security vulnerability CVE-2020-1472, which was discovered and patched earlier this year, is still running rampant. Dubbed Zerologon, it is unique in its simplicity. It works by exploiting a Netlogon weakness. Netlogon is the always-on Windows service that enables end users to log into a network. The scripted hack runs incredibly quickly, searching for unpatched Active Directory systems and exploiting a weakness by adding the number zero in certain Netlogon authentication fields.

On October 16, a month after Microsoft released its first patch, independent researcher Kevin Beaumont drew the hack out by utilizing a honeypot he maintains to detect threats. Honeypots work by intentionally setting up vulnerabilities in order to bait and identify cyber security threats. Using an unpatched lure server, Beaumont discovered that hackers were able to backdoor the server by changing an admin password. From there, hackers have access to domain controllers that administrators use to create and manage accounts across an organization. The hacker can then impersonate any computer connected to the affected network, disable Netlogon security features, and change a network computer’s password.

The attack can only be carried out once an attacker is already inside a network. However, noteworthy footholds include firewall and VPN vulnerabilities as well as third-party access through known issues with Citrix, Juniper, and Pulse Secure. Insider threats and phishing schemes can also leverage Zerologon in order to quickly infect an entire enterprise network. Once inside, hackers can deploy ransomware, steal data, commit espionage and carry out other nefarious deeds.

Microsoft released the first patch in August 2020, but it wasn’t without its issues. It involved modifying billions of devices connected to corporate networks which temporarily paused enterprise operations. The temporary fix simply forces Netlogon security features on so the Zerologon attack can’t turn them off to sneak inside.

A more robust patch is scheduled to release in February of 2021. However, Microsoft predicts the new patch will permanently disable standing authentication procedures on some devices.


The Cybersecurity and Infrastructure Security Agency (CISA) warned that Zerologon targets include government networks, potentially affecting election related networks. Their statement released on October 16 reads in part, “Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks.

CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised.”

Quick Tips

In theory, threats like Zerologon should never pose much of a problem. After the initial discovery, a patch is made and released as a Windows update. Once the update is installed, the network is secure.

In practice, however, updates don’t always happen with any sort of urgency. Especially in the case of the Zerologon patch, its time-consuming nature may prompt careless employees to bypass updates in order to keep their system up and running. Certain organizations may decide that the downtime involved in their 24/7 operation is too costly for a fix that may never threaten them in the first place. Some networks are running on servers that will no longer be supported as of November 2020, meaning that, although they will have received the first patch, the second patch won’t automatically install.


These are simple fixes for a holistic IT team and a solid cyber security framework—for enterprises that have one. Additional mitigation measures include:

  • Applying the Microsoft patch ASAP
  • Using a relevant script or third-party cyber security team to ensure that all domain controllers are patched.
  • Monitoring for Group Policy Object (GPO) changes.
  • Enacting a least privilege access policy to minimize internal threats
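For the monitoring items in the list above, a triage pass over domain-controller events, added here as an example that is not from the article. The Netlogon event IDs 5827 to 5831 and the directory-service change IDs 5136, 5137 and 5141 are the ones Windows documents and do not appear in the article; the record layout, host names, accounts and timestamps are constructed.

```python
from collections import defaultdict

# Netlogon event IDs that domain controllers with the CVE-2020-1472 update
# write to the System log, grouped by what the DC did with the connection.
NETLOGON_BUCKETS = {
    5827: "denied", 5828: "denied",                        # machine / trust account
    5829: "allowed_not_enforced",                          # initial deployment phase
    5830: "allowed_by_policy", 5831: "allowed_by_policy",  # explicit exception
}
# Directory-service change events from the Security log.
DS_CHANGE = {5136: "modified", 5137: "created", 5141: "deleted"}

# Constructed sample records with simplified field names (not a real export).
SAMPLE_EVENTS = [
    {"id": 5829, "dc": "DC01", "account": "LEGACY-NAS$"},
    {"id": 5829, "dc": "DC02", "account": "LEGACY-NAS$"},
    {"id": 5827, "dc": "DC01", "account": "WS-0417$"},
    {"id": 5830, "dc": "DC02", "account": "PRINTSRV$"},
    {"id": 5136, "dc": "DC01", "object_class": "groupPolicyContainer",
     "object_dn": "CN={GPO-GUID-PLACEHOLDER},CN=Policies,CN=System,DC=example,DC=test",
     "subject": "EXAMPLE\\admin1", "time": "2020-10-16T09:28:17"},
    {"id": 5136, "dc": "DC01", "object_class": "user",
     "object_dn": "CN=Some User,OU=Staff,DC=example,DC=test",
     "subject": "EXAMPLE\\helpdesk", "time": "2020-10-16T10:00:00"},
    {"id": 7036, "dc": "DC01"},  # unrelated event, ignored
]

def triage(events):
    """Group Netlogon events by account and collect changes to GPO objects."""
    netlogon = defaultdict(lambda: defaultdict(set))
    gpo_changes = []
    for ev in events:
        eid = ev.get("id")
        if eid in NETLOGON_BUCKETS:
            netlogon[NETLOGON_BUCKETS[eid]][ev["account"]].add(ev["dc"])
        elif eid in DS_CHANGE and ev.get("object_class") == "groupPolicyContainer":
            gpo_changes.append(
                (ev["time"], ev["subject"], DS_CHANGE[eid], ev["object_dn"]))
    report = {bucket: {} for bucket in set(NETLOGON_BUCKETS.values())}
    for bucket, accounts in netlogon.items():
        report[bucket] = {acct: sorted(dcs) for acct, dcs in accounts.items()}
    report["gpo_changes"] = sorted(gpo_changes)
    return report

ADVICE = [
    ("denied", "DENIED", "confirm the device is known, then update it"),
    ("allowed_not_enforced", "VULNERABLE", "update or replace before enforcement"),
    ("allowed_by_policy", "EXCEPTION", "review why this account is exempt"),
]

def findings(report):
    """Turn the summary into review items, denied connections first."""
    items = []
    for bucket, label, advice in ADVICE:
        for account, dcs in sorted(report[bucket].items()):
            items.append("%s %s on %s: %s" % (label, account, ", ".join(dcs), advice))
    for when, who, action, dn in report["gpo_changes"]:
        items.append("GPO %s by %s at %s: %s" % (action, who, when, dn))
    return items

if __name__ == "__main__":
    for item in findings(triage(SAMPLE_EVENTS)):
        print(item)
```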


Source: https://www.cshub.com/attacks/articles/iotw-despite-patch-zerologon-attack-still-a-big-deal


Cyber Security

Business Enablement By Way Of The BISO


Source: https://www.cshub.com/executive-decisions/articles/business-enablement-by-way-of-the-biso


Big Data

Top 10 Big Data trends of 2020


By Priya Dialani

Over the last few decades, Big Data has become one of the most significant ideas in technology. Additionally, the availability of wireless connections and other advances has facilitated the analysis of large data sets. Organizations and large companies are steadily gaining strength by improving their data analytics and platforms.

2019 was a major year for the big data landscape. After the year began with the Cloudera and Hortonworks merger, we’ve seen huge upticks in Big Data use across the world, with organizations rushing to embrace the importance of data operations and orchestration to their business success. The big data industry is presently worth $189 billion, an increase of $20 billion over 2018, and is set to continue its rapid growth and reach $247 billion by 2022.

It’s time for us to look at Big Data trends for 2020.

Chief Data Officers (CDOs) will be the Center of Attraction

The positions of Data Scientist and Chief Data Officer (CDO) are relatively new; however, demand for these experts is already high. As the volume of data keeps growing, the need for data professionals rises with it to meet business requirements.

A CDO is a C-level executive responsible for data availability, integrity, and security in a company. As more business owners understand the importance of this role, hiring a CDO is becoming the norm. The need for these experts will remain among big data trends for a long time.

Investment in Big Data Analytics

Analytics gives organizations an upper hand. Gartner predicts that organizations that aren’t investing heavily in analytics by the end of 2020 may not be ready to go in 2021. (Private ventures such as self-employed handymen, gardeners, and many artists are expected to be excluded from this forecast.)

The real-time speech analytics market has seen its previously sustained adoption cycle beginning in 2019. Customer journey analytics is anticipated to grow consistently, with the objective of improving enterprise productivity and the client experience. Real-time speech analytics and customer journey analytics will both grow in popularity in 2020.

Multi-cloud and Hybrid are Setting Deep Roots

As cloud-based technologies keep developing, organizations are increasingly likely to want a place in the cloud. However, moving your data integration and preparation from an on-premises solution to the cloud is more complicated and time-consuming than most care to admit. Additionally, to migrate large amounts of existing data, organizations have to keep their data sources and platforms synchronized for anywhere from a little while to months before the shift is complete.

In 2020, we expect to see later adopters settle on multi-cloud deployment, bringing the hybrid and multi-cloud philosophy to the forefront of data ecosystem strategies.

Actionable Data will Grow

Another development among big data trends for 2020 is actionable data for faster processing. This data is the missing link between business propositions and big data. As mentioned before, big data in itself is useless without analysis, since it is too complex, multi-structured, and voluminous. In contrast to typical big data approaches, which rely on Hadoop and NoSQL databases to analyze data in batch mode, fast data allows for the processing of continuous streams.

Because of this stream processing, data can be analyzed promptly, in as little as a single millisecond. This brings more value to companies, which can make business decisions and start processes more quickly once data is cleaned up.

Continuous Intelligence

Continuous Intelligence is a framework that integrates real-time analytics with business operations. It processes historical and current data to provide decision-making automation or decision-making support. Continuous intelligence uses several technologies such as optimization, business rule management, event stream processing, augmented analytics, and machine learning. It suggests actions based on both historical and real-time data.

Gartner predicts more than 50% of new business systems will utilize continuous intelligence by 2022. This move has begun, and numerous companies will incorporate continuous intelligence during 2020 to gain or maintain a competitive edge.

Machine Learning will Continue to be in Focus

Being a significant innovation in big data trends for 2020, machine learning (ML) is another development expected to affect our future fundamentally. ML is a rapidly developing technology that is used to augment everyday activities and business processes.

ML projects received the most investment in 2019, compared with all other AI systems combined. Automated ML tools help produce insights that would be difficult to extract by other methods, even by expert analysts. This big data technology stack gives faster results and improves both general productivity and response times.

Abandon Hadoop for Spark and Databricks

Since showing up in the market, Hadoop has been criticized by many in the community for its complexity. Spark and managed Spark solutions like Databricks are the “new and glossy” players and have accordingly been gaining a foothold, as data science workers see them as an answer to everything they dislike about Hadoop.

However, running a Spark or Databricks job in a data science sandbox and then promoting it into full production will continue to face challenges. Data engineers will continue to require more fit and finish for Spark when it comes to enterprise-class data operations and orchestration. Most importantly, there are many options to consider between the two platforms, and companies will benefit from choosing based on preferred capabilities and economic value.

In-Memory Computing

In-memory computing has the additional advantage of helping business clients (including banks, retailers, and utilities) to identify patterns rapidly and analyze huge amounts of data easily. The falling cost of memory is a major factor in the growing enthusiasm for in-memory computing technology.

In-memory technology is used to perform complex data analyses in real time. It allows its users to work with huge data sets with much greater agility. In 2020, in-memory computing will gain popularity because of the decreasing cost of memory.

IoT and Big Data

So many technologies are expected to change the current business landscape in 2020 that it is hard to keep track of them all; however, IoT and digital devices are expected to gain a foothold in big data trends for 2020.

The role of IoT in healthcare can be seen today; likewise, the combination of the technology with big data is pushing companies to get better outcomes. It is expected that 42% of companies that have IoT solutions in progress or IoT creation in progress plan to use digitized portables within the next three years.

Digital Transformation Will Be a Key Component

Digital transformation goes together with the Internet of Things (IoT), artificial intelligence (AI), machine learning and big data. With IoT connected devices expected to reach a stunning 75 billion devices in 2025 from 26.7 billion presently, it’s easy to see where that big data is coming from. Digital transformation in the form of IoT, IaaS, AI and machine learning is feeding big data and pushing it to areas previously inconceivable in human history.

Source: https://www.fintechnews.org/top-10-big-data-trends-of-2020/
