Zecurit lets you define granular alert policies and associate them with device groups, so that alerts are automatically triggered when defined conditions are met. These alerts serve as early warning indicators for IT teams, helping them monitor changes, threats and compliance issues across the environment.
Step 1: Associate Policy to Groups
Once an alert policy is created and published, associate it with the relevant device groups:
- Navigate to the Alerts → Associate Policy tab.
- Select one or more device groups from the list.
- Click “Associate Policy”.
- In the popup window, select from available published alert policies.
- Click Associate to apply them to the selected groups.
Only published policies can be associated.
Viewing Policy Count by Group
- In the group list, the Policy Count column shows how many alert policies are assigned to each group.
- Click the policy count number to view:
  - Group details
  - Associated policy names
  - Policy type and severity
Step 2: Review Triggered Alerts in the Alerts Tab
Once an associated policy condition is met during an inventory scan, an alert is automatically generated and an email notification is sent to the configured recipients.
Access the alerts from the Alerts → Alerts tab.
Alert Table Includes:
| Field | Description |
|---|---|
| Level | Severity of the alert (Critical, High, Medium, Low) |
| Alert Type | Type of alert (e.g., Hardware Added, Software Installed, License Expired) |
| Time | Timestamp when the alert was triggered |
| Computer Name | Name of the device where the condition was detected |
| Alert Message | Description of what triggered the alert |
| Remarks | Admin can add notes, comments, or investigation steps |
| Status | Track resolution with statuses: Open, In Progress, Resolved, Dismissed |
Admins and technicians can update status and add remarks for follow-up or escalation.
Why this feature matters
This alerting system helps your IT and Help Desk teams:
- Proactively detect and respond to hardware/software/configuration changes.
- Ensure compliance with internal policies and regulatory standards.
- Quickly mitigate threats, such as disabled antivirus or expired certificates.
- Track and resolve incidents efficiently with alert statuses and comments.
- Integrate with ticketing workflows, using alerts as automated triggers for ticket creation, escalation and resolution tracking.
By keeping alerts group-targeted and actionable, Zecurit ensures better visibility, faster response and smarter management of your endpoint infrastructure.
Alert Status Lifecycle
Zecurit’s Alert Status Lifecycle helps IT admins and support teams track, manage and resolve alerts efficiently by organizing each alert through well-defined statuses. This system ensures that critical incidents are acknowledged, investigated and resolved in a structured and auditable manner.
Available Alert Statuses
| Status | Purpose | When to Use |
|---|---|---|
| Open | Default status when an alert is generated | Use this to indicate a newly raised issue that hasn’t been reviewed yet |
| In Progress | Assigned for active investigation or troubleshooting | When an admin or technician begins working on the alert |
| Resolved | Issue has been fixed or the condition is no longer valid | Use when the root cause has been addressed (e.g., disk space freed, software removed) |
| Dismissed | Alert is acknowledged but requires no action | Use for known or non-critical conditions (e.g., approved software installed) |
How to Manage Alert Status
- Navigate to the Alerts → Alerts tab.
- Select an alert from the list.
- Click the Status dropdown to change the current status.
- Optionally, add notes in the Remarks field for tracking investigation steps, findings, or ticket references.
Status updates are logged in the activity system to provide an audit trail.
Use Cases & Best Practices
| Use Case | Recommended Status |
|---|---|
| New USB device detected on a critical server | Open → In Progress → Resolved |
| Antivirus disabled due to user action | Open → In Progress → Resolved |
| Prohibited software installed but allowed by exception | Open → Dismissed |
| License expired but renewal is underway | Open → In Progress |
| Routine hardware change by IT team | Open → Dismissed with remarks |
Why use Alert Lifecycle?
- Keeps teams accountable by assigning ownership and tracking resolution progress.
- Provides context through remarks for every alert.
- Avoids alert fatigue by dismissing false positives and reducing noise.
- Improves auditability and compliance through status tracking.
- Supports integration with ITSM systems, mapping alert status to ticket workflows.
Access Control
- Only users with appropriate permissions (Admin/Technician) can change alert statuses and add remarks.
- All changes are logged under the Activity Log module.