{"id":117983,"date":"2024-12-03T07:30:39","date_gmt":"2024-12-03T12:30:39","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=117983"},"modified":"2024-12-09T07:26:41","modified_gmt":"2024-12-09T12:26:41","slug":"understand-rule-templates-for-alerts","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts","title":{"rendered":"Understand Rule Templates for Alerts"},"content":{"rendered":"\n<p>You can use predefined rule templates to configure monitoring rules based on your needs.&nbsp;While the predefined rule templates are designed to help you save time by quickly configuring rules, they also allow you to customize the rule as per your requirements. You can add relevant descriptions, add precise conditions, and set a relevant priority for your alerts to best suit your needs.<\/p>\n\n\n\n<p>Customizing alert rules allows you to:<\/p>\n\n\n\n<ul>\n<li>Focus on the metrics most critical to your organization<\/li>\n\n\n\n<li>Reduce noise by eliminating unnecessary alerts<\/li>\n\n\n\n<li>Ensure timely notifications for important events<\/li>\n\n\n\n<li>Align monitoring with your specific IT policies and requirements<\/li>\n<\/ul>\n\n\n\n<p>You can use predefined rule templates to configure alert rules from the Rules dashboard in the Alerts console. See <a href=\"https:\/\/jumpcloud.com\/support\/configure-rules-for-jumpcloud-alerts\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Rules for Device Monitoring and Alerting<\/a> to learn more.<\/p>\n\n\n\n<p>Details of all the predefined rule templates available in the Alerts console along with the steps to configure each rule are discussed in this article.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configuring-battery-health-monitoring-rule\">Configuring Battery Health Monitoring Rule<\/h2>\n\n\n\n<p>JumpCloud\u2019s Battery Health Monitoring rule tracks the battery capacity. This can help&nbsp; prevent issues like overheating and unexpected downtime caused by capacity decline over time.<\/p>\n\n\n\n<ul>\n<li>Using the Battery Health Monitoring rule template, you can set up monitoring rules and specify the capacity threshold.<\/li>\n\n\n\n<li>Once enabled, the rule monitors the&nbsp; System Insights data of all the active devices in the selected Devices Group. This data is refreshed every 60 minutes.&nbsp;<\/li>\n\n\n\n<li>When battery capacity reaches or falls below the specified threshold, an alert is generated..<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>The rule monitors battery capacity for all battery-powered devices such as laptops and tablets, but excludes servers and desktops, which lack batteries.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p><strong>To configure the rule:<\/strong><\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates.<\/li>\n\n\n\n<li>Select <strong>Battery Health Monitoring<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required.&nbsp;Ensure the name is unique, concise and indicates what the rule does.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.&nbsp;<\/li>\n\n\n\n<li>In the <strong>Conditions<\/strong> section, enter the percentage threshold for the alert. This will determine when the rule activates. An alert will be generated when the battery capacity drops below the percentage you define here.<\/li>\n\n\n\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211;<strong> Low<\/strong>, <strong>Medium<\/strong>, and <strong>High<\/strong>.<\/li>\n\n\n\n<li>Click the <strong>Device Groups<\/strong> tab and select the groups that you want to monitor for this rule. You can select multiple device groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong> to save the rule.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configuring-command-execution-failure-rule\">Configuring Command Execution Failure Rule<\/h2>\n\n\n\n<p>By monitoring JumpCloud Command execution, you can quickly detect and resolve underlying issues, ensuring proactive maintenance and optimization.<\/p>\n\n\n\n<ul>\n<li>Using the Command Execution Failure Rule template, you can set up monitoring rules and specify the commands that you want to monitor in the Conditions section.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>Once enabled, the rule checks for all command execution events across your device fleet and generates an alert when any specified command completes with a non-zero status.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>Each command is associated with a Device Group while creating the commands. This association is automatically inherited by this rule, eliminating the need to associate a device group while creating the rule.<\/li>\n<\/ul>\n\n\n\n<p>Ensure all required commands for monitoring are added in the <strong>Commands <\/strong>section of the JumpCloud admin portal. See <a href=\"https:\/\/jumpcloud.com\/support\/get-started-commands\" target=\"_blank\" rel=\"noreferrer noopener\">Get Started: Commands<\/a> to learn more.<\/p>\n\n\n\n<p><strong>To configure the rule:<\/strong><\/p>\n\n\n\n<ol start=\"1\">\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates.<\/li>\n\n\n\n<li>Select<strong> Command Execution Failure<\/strong>.<\/li>\n\n\n\n<li>Update&nbsp; the rule name as required.&nbsp;Ensure the name is unique, concise and clearly describes its function.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.&nbsp;<\/li>\n\n\n\n<li>In the <strong>Conditions<\/strong> section, search and select the commands that you want to monitor from your commands list.&nbsp;<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>If multiple commands are included in the <strong>Conditions<\/strong> section, a separate alert is generated for the failure of each command.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"6\">\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211; <strong>Low<\/strong>, <strong>Medium<\/strong>, and <strong>High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>For <strong>Existing Conditions:<\/strong>\n<ul>\n<li><strong>Enable<\/strong> this to generate alerts for repeating commands that failed (non-zero status) in their most recent run prior to the rule\u2019s activation. See <a href=\"https:\/\/docs.google.com\/document\/d\/1eKaI875Sm1hwqlmgTB0MZSgFfBnLJHlJItA6vnt6odc\/edit?tab=t.0#heading=h.zery9u49rr0j\">Un<\/a><a href=\"https:\/\/jumpcloud.com\/support\/configure-rules-for-jumpcloud-alerts#understanding-existing-conditions\" target=\"_blank\" rel=\"noreferrer noopener\">derstanding Existing Conditions<\/a> to learn more.<\/li>\n\n\n\n<li><strong>Disable<\/strong> this to only generate alerts for commands that fail (non-zero status) after the rule is active.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Custom Command Monitoring: Extending Alert Rule Capabilities<\/h3>\n\n\n\n<p>You can also attach custom command scripts in the <strong>Conditions<\/strong> section of the rule to monitor specific system attributes or conditions. This flexibility allows targeted monitoring of various system elements such as:<\/p>\n\n\n\n<ul>\n<li>Registry key values<\/li>\n\n\n\n<li>Event log entries<\/li>\n\n\n\n<li>Running processes<\/li>\n\n\n\n<li>Service status<\/li>\n\n\n\n<li>Specific file system changes<\/li>\n\n\n\n<li>Custom application states<\/li>\n<\/ul>\n\n\n\n<p>By defining a custom monitoring script, you can create highly specific alerting conditions tailored to your unique environment and security requirements.<\/p>\n\n\n\n<p>Examples (PowerShell):&nbsp;<\/p>\n\n\n\n<ol>\n<li><strong>Service Status Check:<\/strong><\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>(Get-Service -Name &#8220;CriticalService&#8221;).Status -ne &#8220;Running&#8221; ? (exit 1) : (exit 0)<\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"2\">\n<li><strong>Registry Value Check:<\/strong><\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>(Get-ItemPropertyValue &#8216;HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System&#8217; -Name &#8216;EnableLUA&#8217;) -ne 1 ? (exit 1) : (exit 0)<\/p>\n<\/div><\/div>\n\n\n\n<p>Similar scripts can be crafted to monitor event logs, process existence, admin accounts, or any custom condition relevant to your monitoring needs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configure-device-offline-monitoring-rule\">Configuring Device Offline Monitoring Rule<\/h2>\n\n\n\n<p>If devices remain offline for long durations, they may miss essential updates, security patches, and policy configurations, creating potential vulnerabilities and compliance risks. Regular monitoring helps identify and address such devices to ensure they are updated and secure when reconnected.<\/p>\n\n\n\n<ul>\n<li>Using the Device Offline Monitoring rule template, you can set up monitoring rules and specify a time period as a condition. Once enabled, the rule monitors all the devices in your selected Device Groups.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>Every JumpCloud registered device has the JumpCloud Agent installed. The agent periodically reports to the JumpCloud network. See <a href=\"https:\/\/jumpcloud.com\/support\/get-started-devices\" target=\"_blank\" rel=\"noreferrer noopener\">Get Started: Devices<\/a> to learn more.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>A device is considered offline (<strong>Inactive<\/strong> status on the Device page), if three consecutive agent reports are missed, typically due to network outage or device shutdown.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>The rule checks the JumpCloud agent logs every 30 minutes. If a device remains offline beyond the time specified in the Conditions section, an alert is generated.<\/li>\n<\/ul>\n\n\n\n<p><strong>To configure the rule:<\/strong><\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates.<\/li>\n\n\n\n<li>Select <strong>Device Offline Monitoring<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required.&nbsp;Ensure the name is unique, concise and indicates what the rule does.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.&nbsp;<\/li>\n\n\n\n<li>In the <strong>Conditions<\/strong> section, enter the time period for the alert.&nbsp;This should be at least 30 minutes to generate relevant alerts.<\/li>\n\n\n\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211; <strong>Low<\/strong>,<strong> Medium<\/strong>, and <strong>High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>For <strong>Existing Conditions:<\/strong>\n<ul>\n<li><strong>Enable <\/strong>this to generate alerts for all devices that were found offline in the most recent agent report prior to rule activation. See <a href=\"https:\/\/jumpcloud.com\/support\/configure-rules-for-jumpcloud-alerts#understanding-existing-conditions\" target=\"_blank\" rel=\"noreferrer noopener\">Understanding Existing Conditions<\/a> to learn more.<\/li>\n\n\n\n<li><strong>Disable<\/strong> this to only generate alerts for devices that remain offline after the rule is active.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<ol start=\"8\">\n<li>Click the <strong>Device Groups<\/strong> tab and select the groups that you want to monitor for this rule. You can select multiple device groups.&nbsp;<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configuring-device-uptime-monitoring-rule\">Configuring Device Uptime Monitoring Rule<\/h2>\n\n\n\n<p>Monitor device uptime to ensure devices are running smoothly and critical patches are applied on time.<\/p>\n\n\n\n<ul>\n<li>Using the Device Uptime Monitoring rule template, you can create monitoring rules and specify a specific time period as the condition.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Once enabled, the rule proactively monitors the System Insights data from active devices in the selected Devices Group. This data is refreshed every 60 minutes.&nbsp;<\/li>\n\n\n\n<li>When the device stays online beyond the time specified in the Conditions section, an alert is generated.<\/li>\n<\/ul>\n\n\n\n<p><strong>To configure the rule:<\/strong><\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates.<\/li>\n\n\n\n<li>Select <strong>Device Uptime Monitoring<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required.&nbsp;<\/li>\n\n\n\n<li>Ensure the name is unique, concise and indicates what the rule does.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.&nbsp;<\/li>\n\n\n\n<li>In the <strong>Conditions<\/strong> section, enter the time period for which you want to generate the alert. You can enter the value in Minutes, hours and days. Set this to at least 30 minutes to generate relevant alerts.<\/li>\n\n\n\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211; <strong>Low<\/strong>,<strong> Medium<\/strong>, and <strong>High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>Click the <strong>Device Groups<\/strong> tab and select the groups that you want to monitor for this rule. You can select multiple device groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configure-disk-use-monitoring-rule\">Configuring Disk Use Monitoring Rule<\/h2>\n\n\n\n<p>The drive where the Operating System (OS) is installed must have adequate free space to allow the device to function smoothly. The OS requires free space for temporary files and updates. As disk space declines, the device may slow down and critical updates may be missed, creating vulnerabilities. Monitoring disk usage helps admins track space and prevent slowdowns or crashes due to full disks.<\/p>\n\n\n\n<ul>\n<li>Using the Disk Use Monitoring rule template, you can create monitoring rules and specify a threshold in the condition.&nbsp;<\/li>\n\n\n\n<li>Once enabled, the rule monitors the System Insights data for all active devices in the selected Device Groups. This data is refreshed every 60 minutes.&nbsp;<\/li>\n\n\n\n<li>When the space available in the System Drive reaches or drops below the threshold specified in the Conditions section, an alert is generated.<\/li>\n<\/ul>\n\n\n\n<p>To configure the rule:<\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates.<\/li>\n\n\n\n<li>Select <strong>Disk Use Monitoring Rule<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required.&nbsp;Ensure the name is unique, concise and indicates what the rule does.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.&nbsp;<\/li>\n\n\n\n<li>In the <strong>Conditions<\/strong> section, select the <strong>Condition. <\/strong>Currently, you can create a rule for the <strong>System Drive<\/strong> only<strong>.<\/strong>\n<ul>\n<li>For <strong>Capacity Measurement<\/strong>, select<strong> Percentage<\/strong> or <strong>MB<\/strong>.<\/li>\n\n\n\n<li>Enter the value.&nbsp;<br>You can add multiple conditions using <strong>Add Condition<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>This sets the threshold. If disk space drops below it, the rule will generate an alert.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"6\">\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211; <strong>Low<\/strong>,<strong> Medium<\/strong>, and <strong>High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>Click the <strong>Device Groups<\/strong> tab and select the groups that you want to monitor for this rule. You can select multiple device groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configuring-managed-software-installation-failure-rule\">Configuring Managed Software Installation Failure Rule<\/h2>\n\n\n\n<p>JumpCloud Managed Software refers to the apps that are configured, deployed and maintained by JumpCloud. Monitor managed software installation failures to ensure critical apps and updates are properly deployed across your system. See <a href=\"https:\/\/jumpcloud.com\/support\/software-management\">Get Started: Software <\/a><a href=\"https:\/\/jumpcloud.com\/support\/software-management\" target=\"_blank\" rel=\"noreferrer noopener\">Management<\/a> to learn more.<\/p>\n\n\n\n<ul>\n<li>Using the Configure Managed Software Installation failure rule template, you can set up monitoring rules and specify all JumpCloud managed software apps in the conditions section.&nbsp;<\/li>\n\n\n\n<li>Once enabled,&nbsp; when a JumpCloud managed app fails to install on a device, an alert is generated&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Ensure all JumpCloud Managed Software apps are added in the Software Management section before configuring the rule.<\/p>\n\n\n\n<p><strong>To configure the rule:<\/strong><\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates. <\/li>\n\n\n\n<li>Select <strong>Managed Software Installation Failure<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required.<strong> Ensure the name is unique, concise and indicates what the rule does<\/strong>.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.&nbsp;<\/li>\n\n\n\n<li>In the <strong>Conditions<\/strong> section, search and select the software from your software list. You can add all the software that you want to monitor here.&nbsp;<\/li>\n\n\n\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211; <strong>Low<\/strong>,<strong> Medium<\/strong>, and <strong>High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>For <strong>Existing Alerts:<\/strong><\/li>\n\n\n\n<li><strong>Enable <\/strong>this to generate alerts for all managed apps that failed to install in the most recent execution before the rule was activated. See <a href=\"https:\/\/jumpcloud.com\/support\/configure-rules-for-jumpcloud-alerts#understanding-existing-conditions\" target=\"_blank\" rel=\"noreferrer noopener\">Understanding Existing Conditions<\/a> to learn more.<\/li>\n\n\n\n<li><strong>Disable<\/strong> this to only generate alerts for managed apps that fail to install after the rule is active.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Alerts generated by this rule will be auto-resolved once the app is successfully installed on the device.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configure-new-users-in-jumpcloud-directory-rule\">Configuring New Users in JumpCloud Directory Rule<\/h2>\n\n\n\n<p>Monitoring new user additions is a critical part of securing an IT environment, ensuring only authorized users have access and mitigating risks associated with unauthorized account creation.<\/p>\n\n\n\n<ul>\n<li>Using the New Users in JumpCloud Directory rule template, you can create a monitoring rule to keep an eye on new users being added to the JumpCloud directory.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Once enabled, the rule monitors JumpCloud Directory for user addition events and generates an alert every time a new user is added to Jumpcloud.&nbsp;<\/li>\n\n\n\n<li>Whether added via cloud directory or manually, enabling this rule will generate real-time alerts.<\/li>\n<\/ul>\n\n\n\n<p>To configure the rule:<\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates. <\/li>\n\n\n\n<li>Select <strong>New Users in JumpCloud Directory<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.&nbsp;<\/li>\n\n\n\n<li>No action required in the <strong>Conditions <\/strong>section.<\/li>\n\n\n\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211; <strong>Low<\/strong>,<strong> Medium<\/strong>, and <strong>High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>Click <strong>Save<\/strong> to save the rule.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configure-policy-application-failure-rule\">Configuring Policy Application Failure Rule<\/h2>\n\n\n\n<p>Monitoring policy application failures ensures all security measures, configurations, and compliance guidelines are properly enforced.<\/p>\n\n\n\n<ul>\n<li>Using the Policy Application Failure rule template, you can quickly set up monitoring rules and specify all the critical policies.&nbsp;<\/li>\n\n\n\n<li>Once enabled, the rule checks for all the policy application events across your device fleet. When any of the specified policies fail to apply, an alert is generated.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>You need to add all the required policies in the Policy Management section. See <a href=\"https:\/\/jumpcloud.com\/support\/get-started-policies\" target=\"_blank\" rel=\"noreferrer noopener\">Get Started: Policies<\/a> to learn more.&nbsp;<\/p>\n\n\n\n<p><strong>To configure the rule:<\/strong><\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates. <\/li>\n\n\n\n<li>Select <strong>Policy Application Failure<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required.&nbsp;Ensure the name is unique, concise and indicates what the rule does.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule. .&nbsp;<\/li>\n\n\n\n<li>In the <strong>Conditions<\/strong> section, search and select the policies from the list. You can add multiple policies to monitor here.&nbsp;<\/li>\n\n\n\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211; <strong>Low<\/strong>, <strong>Medium<\/strong>, and <strong>High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>For <strong>Existing Conditions:<\/strong>\n<ul>\n<li><strong>Enable <\/strong>this to generate alerts for all policies that failed to apply during the latest application run before rule activation. See <a href=\"https:\/\/jumpcloud.com\/support\/configure-rules-for-jumpcloud-alerts#understanding-existing-conditions\">Understanding Existing Conditions<\/a> to learn more.<\/li>\n\n\n\n<li><strong>Disable<\/strong> this to only generate alerts for policy applications that fail after the rule is active.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Alerts generated by this rule will be auto-resolved if the policy application is successful.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configure-software-addition-rule\">Configuring Software Addition Rule<\/h2>\n\n\n\n<p>Monitoring software addition helps detect unauthorized installations and maintain network security.<\/p>\n\n\n\n<ul>\n<li>Using the Software Addition rule template, you can create rules and to monitor the specified software.<\/li>\n\n\n\n<li>Once enabled, the rule monitors System Insights data from all active devices in the selected Device Groups. This data is refreshed every 60 minutes.&nbsp;&nbsp;<\/li>\n\n\n\n<li>When any of the specified software is added to a device, an alert is generated.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>You need to have a list of all the unauthorized software that you want to monitor.&nbsp;<\/p>\n\n\n\n<p><strong>To configure the rule:<\/strong><\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates. <\/li>\n\n\n\n<li>Select <strong>Software Addition<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required. Ensure the name is unique, concise and indicates what the rule does.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.&nbsp;<\/li>\n\n\n\n<li>In the <strong>Conditions<\/strong> section, select the <strong>Operator<\/strong>.&nbsp;\n<ul>\n<li><strong>Equals:<\/strong> To specify the exact name and then add the name in the <strong>Value<\/strong> field.<\/li>\n\n\n\n<li><strong>Contains: <\/strong>To add a few matching characters and then add the characters in the <strong>Value<\/strong> field.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>Use the Equals operator to specify the exact software name you want to monitor for relevant alerts. For example, to receive alerts when BitTorrent is uninstalled, enter its exact name.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>Use <strong>Add Condition<\/strong> to add more conditions to the rule. You can delete the condition by clicking the <strong>Delete<\/strong> icon.The rule needs at least one condition.<\/p>\n\n\n\n<ol start=\"6\">\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211; <strong>Low<\/strong>, <strong>Medium<\/strong>, and<strong> High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>Click the <strong>Device Groups<\/strong> tab and select the groups that you want to monitor for this rule. You can select multiple device groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configure-software-removal-rule\">Configuring Software Removal Rule<\/h2>\n\n\n\n<p>Monitoring mandatory software removal helps admins detect unauthorized or accidental uninstallations, ensuring system security and compliance.<\/p>\n\n\n\n<ul>\n<li>Using the Software Removal rule template, you can set up rules to monitor the specified software.<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>Once enabled, the rule monitors System Insights data from all active devices in the selected Device Groups. This data is refreshed every 60 minutes.&nbsp;<\/li>\n\n\n\n<li>When any of the specified software is uninstalled from a device, an alert is generated.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>You need to have a list of all the mandatory software that you want to monitor.&nbsp;<\/p>\n\n\n\n<p>To configure the rule:<\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates. <\/li>\n\n\n\n<li>Select <strong>Software Removal<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required.&nbsp;Ensure the name is unique, concise and indicates what the rule does.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.<\/li>\n\n\n\n<li>In the <strong>Conditions<\/strong> section, select the <strong>Operator<\/strong>.&nbsp;\n<ul>\n<li><strong>Equals:<\/strong> To specify the exact name and then add the name in the <strong>Value<\/strong> field.<\/li>\n\n\n\n<li><strong>Contains: <\/strong>To add some matching characters and then add the characters in the <strong>Value<\/strong> field.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<ul>\n<li>Use the <strong>Equals<\/strong> operator to specify the exact software name for more relevant alerts. For example, to be alerted when antivirus software is uninstalled, enter its exact name.<\/li>\n\n\n\n<li>Use <strong>Add Condition<\/strong> to add more conditions to the rule. You can delete the condition by clicking the Delete icon. The rule needs at least one condition.<\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"6\">\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211; <strong>Low<\/strong>, <strong>Medium<\/strong>, and <strong>High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>Click the <strong>Device Groups<\/strong> tab and select the groups to monitor for this rule. You can choose multiple groups. System Insights will be automatically enabled on the target device groups, as well as new devices added to these groups.<\/li>\n\n\n\n<li>Click <strong>Sav<\/strong>e.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configure-user-and-user-group-permission-elevation-rule\">Configuring User and User Group Permission Elevation Rule<\/h2>\n\n\n\n<p>Using the User and User Group Permission Elevation rule template, you can set up monitoring rules to get alerted when a user or user is granted elevated system privileges.&nbsp;<\/p>\n\n\n\n<p>Currently the rule monitors the following elevated privileges:<\/p>\n\n\n\n<ul>\n<li>Administrative\/Sudo access<\/li>\n\n\n\n<li>Passwordless Sudo access<\/li>\n<\/ul>\n\n\n\n<p>This rule monitors JumpCloud Directory events and generates real-time alerts when a user or user group is granted any elevated permissions specified in the Conditions section.<\/p>\n\n\n\n<p><strong>To configure the rule:<\/strong><\/p>\n\n\n\n<ol>\n<li>On the Rules dashboard, click <strong>+Rule<\/strong> to view the predefined rule templates. <\/li>\n\n\n\n<li>Select <strong>User and User Group Permission Elevation<\/strong>.<\/li>\n\n\n\n<li>Update the rule name as required.&nbsp;Ensure the name is unique, concise and indicates what the rule does.<\/li>\n\n\n\n<li>Add more relevant details in the description and explain the purpose of the rule.&nbsp;<\/li>\n\n\n\n<li>No action required In the <strong>Conditions<\/strong> section.<\/li>\n\n\n\n<li>Use the <strong>Priority<\/strong> dropdown to assign a priority level to the rule &#8211;<strong> Low<\/strong>, <strong>Medium<\/strong>, and <strong>High<\/strong>. This helps prioritize alerts and manage responses according to the severity of the issue.&nbsp;<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>You can use predefined rule templates to configure monitoring rules based on your needs.&nbsp;While the predefined rule templates are designed [&hellip;]<\/p>\n","protected":false},"author":223,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[3307,2853],"support_tag":[],"coauthors":[3144],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Understand Rule Templates for Alerts - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn more about predefined defined rule templates for monitoring and how to configure them using JumpCloud Admin Portal.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understand Rule Templates for Alerts\" \/>\n<meta property=\"og:description\" content=\"Learn more about predefined defined rule templates for monitoring and how to configure them using JumpCloud Admin Portal.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-09T12:26:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"17 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"sweta.soumya@jumpcloud.com\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts\",\"url\":\"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts\",\"name\":\"Understand Rule Templates for Alerts - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2024-12-03T12:30:39+00:00\",\"dateModified\":\"2024-12-09T12:26:41+00:00\",\"description\":\"Learn more about predefined defined rule templates for monitoring and how to configure them using JumpCloud Admin Portal.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Understand Rule Templates for Alerts\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Understand Rule Templates for Alerts - JumpCloud","description":"Learn more about predefined defined rule templates for monitoring and how to configure them using JumpCloud Admin Portal.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts","og_locale":"en_US","og_type":"article","og_title":"Understand Rule Templates for Alerts","og_description":"Learn more about predefined defined rule templates for monitoring and how to configure them using JumpCloud Admin Portal.","og_url":"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts","og_site_name":"JumpCloud","article_modified_time":"2024-12-09T12:26:41+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"17 minutes","Written by":"sweta.soumya@jumpcloud.com"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts","url":"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts","name":"Understand Rule Templates for Alerts - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2024-12-03T12:30:39+00:00","dateModified":"2024-12-09T12:26:41+00:00","description":"Learn more about predefined defined rule templates for monitoring and how to configure them using JumpCloud Admin Portal.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/understand-rule-templates-for-alerts#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Understand Rule Templates for Alerts"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/117983"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/223"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/117983\/revisions"}],"predecessor-version":[{"id":118311,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/117983\/revisions\/118311"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=117983"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=117983"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=117983"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=117983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}