You must set up an Insights Rule to select the events for which notifications will be sent via notification channels.
To create an Insights Rule, follow these steps:
- Log in to the JumpCloud Admin portal.
- To view the alerts console, you can do any of the following:
  - In the left navigation pane, go to Insights > Alerts.
  - On the home page, scroll down to the Open Alerts widget and click Go To Alerts Dashboard.
  - Click the Alerts (bell) icon on the top navigation bar.
- Click Rules to view the dashboard.
- Click +Rule. This will take you to the Rule Management section with all the predefined rule templates.
- Go to the Insights tab and click Rule For Event Based Alerts. You can also type the rule name in the Search bar.
- Leave the Enabled button as is to activate the rule immediately after saving. You can switch the button to Disable if you prefer.
- Provide Rule Details:
  - Rule Name: Enter a clear and concise name for your rule.
  - Description: Document the purpose of the rule in the description field.
- In the Conditions section, select the events for which you want to send notifications.
- You can use the Show Selected Events checkbox to view all the selected events at once.
- Use the Priority dropdown to assign a priority level to the rule. This helps prioritize alerts and manage responses according to the severity of the issue. These options are available:
  - Low - Select this for alerts that are neither urgent nor highly important. They should receive fewer resources and can usually wait until they become more urgent.
  - Medium - Select this for alerts that are urgent but less important. They should receive a moderate allocation of resources.
  - High - Select this for alerts that are important and require immediate attention. They should receive the most resources to ensure they are addressed promptly.
- In the Alert Actions section, enable Send Notifications.
- Search and select the channels that you want to send notifications to.
- Additionally, select the checkbox for each action that should send notifications to the selected channels:
  - Alert Resolution: Email all users in the selected channels when an alert from this rule is resolved.
  - Alert Acknowledgement: Email all users in the selected channels when an alert from this rule is acknowledged.
- Click Save.
The rule will be activated and added to the Rules dashboard. If you want to disable the rule or make any other modifications, see Use the Rules Dashboard to learn more.
Once the rule is saved, every time the event selected in the Conditions section occurs, an alert will be generated and the selected channels will receive notifications. You can view the alerts in the Alerts Dashboard. See Use the Alerts Dashboard to learn more about alerts.
To verify the mapping, go back to the webhook channel and open its Rules tab.
Events: Insight Alerts
There are a number of events recorded in Directory Insights related to alerts and webhooks. Reference the table below for the Event Type and Description of the event as captured in Directory Insights. For more information on using Directory Insights, see View the Directory Insights Data Activity Log.
The following events are related to Insight Alerts.
Insight Alert Events
| Event Type | Description |
| --- | --- |
| access_management_access_request | Access Management request is created. |
| admin_lockout | An admin account is locked due to multiple login failures. |
| admin_password_reset_request | An admin requests to reset their password. |
| admin_totp_disable | An admin's TOTP requirement is disabled. |
| admin_update | An admin account is updated. |
| association_change | A user or device association / membership is updated. |
| device_enrollment | A device is enrolled with Microsoft MDM. |
| passwordmanager_backup_key_regenerate | A new backup key is generated. |
| passwordmanager_backup_request | A cloud backup request is created. |
| saas_management_application_discover | A SaaS Management application is discovered. |
| system_create | A device is added. |
| system_fde_key_decrypt | A device's full disk encryption key was decrypted. |
| system_fde_key_update | A system's full disk encryption key updates. |
| user_activated | A user account is activated. |
| user_admin_granted | Admin granted user admin sudo privileges on device(s). |
| user_create_provision | User created in an external application. |
| user_delete_provision | User deletion in an external application has failed. |
| user_deprovision | User deprovisioning in an external application has failed. |
| user_group_admin_grant | Administrator access granted. |
| user_lockout | A user account is locked out. |
| user_mfa_exclusion_expired | User's MFA enrollment expires. |
| user_password_expired | User's password expires. |
| user_password_reset_request | User requests to change their password. |
| user_suspended | A user account is suspended. |
| user_update_provision | User update in an external application has failed. |