You can use predefined rule templates to configure monitoring rules based on your needs. While the predefined rule templates are designed to help you save time by quickly configuring rules, they also allow you to customize the rule as per your requirements. You can add relevant descriptions, add precise conditions, and set a relevant priority for your alerts to best suit your needs.
Customizing alert rules allows you to:
- Focus on the metrics most critical to your organization
- Reduce noise by eliminating unnecessary alerts
- Ensure timely notifications for important events
- Align monitoring with your specific IT policies and requirements
You can use predefined rule templates to configure alert rules from the Rules dashboard in the Alerts console. See Configure Rules for Device Monitoring and Alerting to learn more.
Details of all the predefined rule templates available in the Alerts console along with the steps to configure each rule are discussed in this article.
Configuring Battery Health Monitoring Rule
JumpCloud’s Battery Health Monitoring rule tracks the battery capacity. This can help prevent issues like overheating and unexpected downtime caused by capacity decline over time.
- Using the Battery Health Monitoring rule template, you can set up monitoring rules and specify the capacity threshold.
- Once enabled, the rule monitors the System Insights data of all the active devices in the selected Device Groups. This data is refreshed every 60 minutes.
- When battery capacity reaches or falls below the specified threshold, an alert is generated.
The rule monitors battery capacity for all battery-powered devices such as laptops and tablets, but excludes servers and desktops, which lack batteries.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select Battery Health Monitoring.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- In the Conditions section, enter the percentage threshold for the alert. This will determine when the rule activates. An alert will be generated when the battery capacity drops below the percentage you define here.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High.
- Click the Device Groups tab and select the groups that you want to monitor for this rule. You can select multiple device groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.
- Click Save to save the rule.
Configuring Command Execution Failure Rule
By monitoring JumpCloud Command execution, you can quickly detect and resolve underlying issues, ensuring proactive maintenance and optimization.
- Using the Command Execution Failure Rule template, you can set up monitoring rules and specify the commands that you want to monitor in the Conditions section.
- Once enabled, the rule checks for all command execution events across your device fleet and generates an alert when any specified command completes with a non-zero status.
- Each command is associated with a Device Group while creating the commands. This association is automatically inherited by this rule, eliminating the need to associate a device group while creating the rule.
Ensure all required commands for monitoring are added in the Commands section of the JumpCloud admin portal. See Get Started: Commands to learn more.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select Command Execution Failure.
- Update the rule name as required. Ensure the name is unique, concise and clearly describes its function.
- Add more relevant details in the description and explain the purpose of the rule.
- In the Conditions section, search and select the commands that you want to monitor from your commands list.
If multiple commands are included in the Conditions section, a separate alert is generated for the failure of each command.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- For Existing Conditions:
  - Enable this to generate alerts for repeating commands that failed (non-zero status) in their most recent run prior to the rule’s activation. See Understanding Existing Conditions to learn more.
  - Disable this to only generate alerts for commands that fail (non-zero status) after the rule is active.
- Click Save.
Custom Command Monitoring: Extending Alert Rule Capabilities
You can also attach custom command scripts in the Conditions section of the rule to monitor specific system attributes or conditions. This flexibility allows targeted monitoring of various system elements such as:
- Registry key values
- Event log entries
- Running processes
- Service status
- Specific file system changes
- Custom application states
By defining a custom monitoring script, you can create highly specific alerting conditions tailored to your unique environment and security requirements.
Examples (PowerShell):
- Service Status Check:
if ((Get-Service -Name "CriticalService").Status -ne "Running") { exit 1 } else { exit 0 }
- Registry Value Check:
if ((Get-ItemPropertyValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA') -ne 1) { exit 1 } else { exit 0 }
Similar scripts can be crafted to monitor event logs, process existence, admin accounts, or any custom condition relevant to your monitoring needs.
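The script below is an added example, not JumpCloud's own code: it combines the service and registry checks above with a local administrator check, reports which check failed, and exits non-zero so the Command Execution Failure rule raises an alert. The allowlist entries and the Test-Check helper are assumptions made for illustration; "CriticalService" is the placeholder name used in the examples above.

```powershell
# Added example (not from JumpCloud). Intended to run as a custom command on Windows.
# Contract with the rule: exit 0 = healthy, any non-zero exit = alert.
$ErrorActionPreference = 'Stop'   # make lookup errors catchable exceptions

# Assumptions: placeholder service name from the article; constructed allowlist.
$ServiceName   = 'CriticalService'
$AllowedAdmins = @('Administrator', 'it-admin')   # names without machine/domain prefix

$failures = [System.Collections.Generic.List[string]]::new()

# Hypothetical helper: runs one check and records any problem text it returns.
function Test-Check {
    param([string]$Name, [scriptblock]$Check)
    try {
        $problem = & $Check
        if ($problem) { $failures.Add("${Name}: $problem") }
    } catch {
        # Fail closed: a check that cannot run counts as a failure, not a pass.
        $failures.Add("${Name}: check could not run ($($_.Exception.Message))")
    }
}

Test-Check 'Service' {
    $status = (Get-Service -Name $ServiceName).Status
    if ($status -ne 'Running') { "$ServiceName is $status" }
}

Test-Check 'UAC' {
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = Get-ItemPropertyValue -Path $key -Name 'EnableLUA'
    if ($value -ne 1) { "EnableLUA is $value, expected 1" }
}

Test-Check 'Local admins' {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup does not depend on the OS display language.
    $members    = Get-LocalGroupMember -SID 'S-1-5-32-544'
    $unexpected = $members | Where-Object { ($_.Name -split '\\')[-1] -notin $AllowedAdmins }
    if ($unexpected) { 'unexpected members: ' + ($unexpected.Name -join ', ') }
}

if ($failures.Count -gt 0) {
    # Print every failed check so the reason is visible in the command output.
    $failures | ForEach-Object { Write-Output "FAIL $_" }
    exit 1
}

Write-Output 'OK: all checks passed'
exit 0
```

Because a check that throws is recorded as a failure, a missing service or an unreadable registry value produces an alert rather than a silent pass.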
Configuring Device Offline Monitoring Rule
If devices remain offline for long durations, they may miss essential updates, security patches, and policy configurations, creating potential vulnerabilities and compliance risks. Regular monitoring helps identify and address such devices to ensure they are updated and secure when reconnected.
- Using the Device Offline Monitoring rule template, you can set up monitoring rules and specify a time period as a condition. Once enabled, the rule monitors all the devices in your selected Device Groups.
- Every JumpCloud registered device has the JumpCloud Agent installed. The agent periodically reports to the JumpCloud network. See Get Started: Devices to learn more.
- A device is considered offline (Inactive status on the Device page), if three consecutive agent reports are missed, typically due to network outage or device shutdown.
- The rule checks the JumpCloud agent logs every 30 minutes. If a device remains offline beyond the time specified in the Conditions section, an alert is generated.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select Device Offline Monitoring.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- In the Conditions section, enter the time period for the alert. This should be at least 30 minutes to generate relevant alerts.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- For Existing Conditions:
  - Enable this to generate alerts for all devices that were found offline in the most recent agent report prior to rule activation. See Understanding Existing Conditions to learn more.
  - Disable this to only generate alerts for devices that remain offline after the rule is active.
- Click the Device Groups tab and select the groups that you want to monitor for this rule. You can select multiple device groups.
- Click Save.
Configuring Device Uptime Monitoring Rule
Monitor device uptime to ensure devices are running smoothly and critical patches are applied on time.
- Using the Device Uptime Monitoring rule template, you can create monitoring rules and specify a specific time period as the condition.
- Once enabled, the rule proactively monitors the System Insights data from active devices in the selected Device Groups. This data is refreshed every 60 minutes.
- When the device stays online beyond the time specified in the Conditions section, an alert is generated.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select Device Uptime Monitoring.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- In the Conditions section, enter the time period for which you want to generate the alert. You can enter the value in minutes, hours, or days. Set this to at least 30 minutes to generate relevant alerts.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- Click the Device Groups tab and select the groups that you want to monitor for this rule. You can select multiple device groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.
- Click Save.
Configuring Disk Use Monitoring Rule
The drive where the Operating System (OS) is installed must have adequate free space to allow the device to function smoothly. The OS requires free space for temporary files and updates. As disk space declines, the device may slow down and critical updates may be missed, creating vulnerabilities. Monitoring disk usage helps admins track space and prevent slowdowns or crashes due to full disks.
- Using the Disk Use Monitoring rule template, you can create monitoring rules and specify a threshold in the condition.
- Once enabled, the rule monitors the System Insights data for all active devices in the selected Device Groups. This data is refreshed every 60 minutes.
- When the space available in the System Drive reaches or drops below the threshold specified in the Conditions section, an alert is generated.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select Disk Use Monitoring Rule.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- In the Conditions section, select the Condition. Currently, you can create a rule for the System Drive only.
- For Capacity Measurement, select Percentage or MB.
- Enter the value.
You can add multiple conditions using Add Condition.
This sets the threshold. If disk space drops below it, the rule will generate an alert.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- Click the Device Groups tab and select the groups that you want to monitor for this rule. You can select multiple device groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.
- Click Save.
Configuring Managed Software Installation Failure Rule
JumpCloud Managed Software refers to the apps that are configured, deployed and maintained by JumpCloud. Monitor managed software installation failures to ensure critical apps and updates are properly deployed across your system. See Get Started: Software Management to learn more.
- Using the Managed Software Installation Failure rule template, you can set up monitoring rules and specify all JumpCloud managed software apps in the Conditions section.
- Once enabled, when a JumpCloud managed app fails to install on a device, an alert is generated.
Ensure all JumpCloud Managed Software apps are added in the Software Management section before configuring the rule.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select Managed Software Installation Failure.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- In the Conditions section, search and select the software from your software list. You can add all the software that you want to monitor here.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- For Existing Alerts:
  - Enable this to generate alerts for all managed apps that failed to install in the most recent execution before the rule was activated. See Understanding Existing Conditions to learn more.
  - Disable this to only generate alerts for managed apps that fail to install after the rule is active.
- Click Save.
Alerts generated by this rule will be auto-resolved once the app is successfully installed on the device.
Configuring New Users in JumpCloud Directory Rule
Monitoring new user additions is a critical part of securing an IT environment, ensuring only authorized users have access and mitigating risks associated with unauthorized account creation.
- Using the New Users in JumpCloud Directory rule template, you can create a monitoring rule to keep an eye on new users being added to the JumpCloud directory.
- Once enabled, the rule monitors JumpCloud Directory for user addition events and generates an alert every time a new user is added to JumpCloud.
- Whether added via cloud directory or manually, enabling this rule will generate real-time alerts.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select New Users in JumpCloud Directory.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- No action required in the Conditions section.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- Click Save to save the rule.
Configuring Policy Application Failure Rule
Monitoring policy application failures ensures all security measures, configurations, and compliance guidelines are properly enforced.
- Using the Policy Application Failure rule template, you can quickly set up monitoring rules and specify all the critical policies.
- Once enabled, the rule checks for all the policy application events across your device fleet. When any of the specified policies fail to apply, an alert is generated.
You need to add all the required policies in the Policy Management section. See Get Started: Policies to learn more.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select Policy Application Failure.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- In the Conditions section, search and select the policies from the list. You can add multiple policies to monitor here.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- For Existing Conditions:
  - Enable this to generate alerts for all policies that failed to apply during the latest application run before rule activation. See Understanding Existing Conditions to learn more.
  - Disable this to only generate alerts for policy applications that fail after the rule is active.
- Click Save.
Alerts generated by this rule will be auto-resolved if the policy application is successful.
Configuring Software Addition Rule
Monitoring software addition helps detect unauthorized installations and maintain network security.
- Using the Software Addition rule template, you can create rules to monitor the specified software.
- Once enabled, the rule monitors System Insights data from all active devices in the selected Device Groups. This data is refreshed every 60 minutes.
- When any of the specified software is added to a device, an alert is generated.
You need to have a list of all the unauthorized software that you want to monitor.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select Software Addition.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- In the Conditions section, select the Operator.
  - Equals: To specify the exact name and then add the name in the Value field.
  - Contains: To add a few matching characters and then add the characters in the Value field.
  - Use the Equals operator to specify the exact software name you want to monitor for relevant alerts. For example, to receive alerts when BitTorrent is installed, enter its exact name.
  - Use Add Condition to add more conditions to the rule. You can delete the condition by clicking the Delete icon. The rule needs at least one condition.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- Click the Device Groups tab and select the groups that you want to monitor for this rule. You can select multiple device groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.
- Click Save.
Configuring Software Removal Rule
Monitoring mandatory software removal helps admins detect unauthorized or accidental uninstallations, ensuring system security and compliance.
- Using the Software Removal rule template, you can set up rules to monitor the specified software.
- Once enabled, the rule monitors System Insights data from all active devices in the selected Device Groups. This data is refreshed every 60 minutes.
- When any of the specified software is uninstalled from a device, an alert is generated.
You need to have a list of all the mandatory software that you want to monitor.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select Software Removal.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- In the Conditions section, select the Operator.
  - Equals: To specify the exact name and then add the name in the Value field.
  - Contains: To add some matching characters and then add the characters in the Value field.
  - Use the Equals operator to specify the exact software name for more relevant alerts. For example, to be alerted when antivirus software is uninstalled, enter its exact name.
  - Use Add Condition to add more conditions to the rule. You can delete the condition by clicking the Delete icon. The rule needs at least one condition.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- Click the Device Groups tab and select the groups to monitor for this rule. You can choose multiple groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.
- Click Save.
Configuring User and User Group Permission Elevation Rule
Using the User and User Group Permission Elevation rule template, you can set up monitoring rules to get alerted when a user or user group is granted elevated system privileges.
Currently the rule monitors the following elevated privileges:
- Administrative/Sudo access
- Passwordless Sudo access
This rule monitors JumpCloud Directory events and generates real-time alerts when a user or user group is granted any elevated permissions specified in the Conditions section.
To configure the rule:
- On the Rules dashboard, click +Rule to view the predefined rule templates.
- Select User and User Group Permission Elevation.
- Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.
- Add more relevant details in the description and explain the purpose of the rule.
- No action required in the Conditions section.
- Use the Priority dropdown to assign a priority level to the rule - Low, Medium, and High. This helps prioritize alerts and manage responses according to the severity of the issue.
- Click Save.