The Alert Policy module in Zecurit enables administrators to define intelligent rules for monitoring hardware, software, licenses, certificates, security settings and system health. These policies proactively notify admins when certain conditions are met during inventory scans, helping teams detect anomalies, compliance violations and system issues in real-time.
How It Works
- Admins create alert policies based on predefined conditions and assign them to specific device groups.
- During scheduled or on-demand inventory scans, these conditions are evaluated.
- If a device within the group meets the condition, an alert is generated.
- Notifications can also be sent to the configured email addresses for prompt action.
Navigating the Alerts Module
The Alerts module has three tabs:
- Alerts: View triggered alerts and their status.
- Alert Policy: Create and manage alert policies (this document).
- Associate Policy: Link alert policies to device groups.
Creating an Alert Policy
To create a new alert policy:
- Navigate to Alerts → Alert Policy tab.
- Click Create Policy.
- Fill in the following details:
Alert Policy Inputs
| Field | Description |
|---|---|
| Alert Policy Name* | A unique name for the alert policy. |
| Description | Optional context for the policy’s purpose. |
| Priority* | Set the severity level: Critical, High, Medium, or Low. |
| Notification Email | Email address(es) to notify when the alert is triggered. |
Supported Alert Types & Conditions
The platform supports alert policies across various asset categories:
| Alert Type | Example Use Case |
|---|---|
| Hardware Alerts | Get alerted when a USB device is added to a sensitive endpoint. |
| Software Alerts | Alert when prohibited or unapproved software is installed on a device. |
| License Alerts | Notify when your antivirus license is about to expire in 10 days. |
| Certificate Alerts | Ensure expiring TLS certificates are renewed before service disruption. |
| Disk Space Alerts | Alert if any system partition drops below 10% free space. |
| Security Alerts | High-priority alert if an endpoint’s antivirus service is stopped or disabled. |
Publishing the Policy
After configuring the conditions:
- Click Publish to activate the policy.
- Or save as Draft if you plan to review or edit later.
- Click Cancel to discard changes.
Once published, go to the Associate Policy tab to link this alert policy to specific device groups.
Associating Alert Policies
An alert policy has no effect until it’s associated with one or more device groups. To associate:
- Go to the Associate Policy tab.
- Select the policy and choose target groups.
- Save your changes.
Notes
- Alert evaluation occurs during inventory scans.
- One policy can be assigned to multiple groups.
- Multiple policies can apply to a single group.
- All triggered alerts will be listed under the Alerts tab with full context, timestamp, and status.
Best Practices
- Use critical priority for security and license expiry issues.
- Group devices by function (e.g., servers, endpoints) and assign tailored alert rules.
- Regularly review email recipients for up-to-date notification routing.
- Periodically audit draft policies that haven’t been published.
Next Step:
Associate this alert policy with groups to enable alert monitoring.