{"id":2545,"date":"2025-07-02T12:23:43","date_gmt":"2025-07-02T12:23:43","guid":{"rendered":"https:\/\/zecurit.com\/help\/docs\/asset-manager\/asset-management\/policy-association-to-groups\/"},"modified":"2025-07-04T15:14:11","modified_gmt":"2025-07-04T15:14:11","slug":"policy-association-to-groups","status":"publish","type":"docs","link":"https:\/\/zecurit.com\/help\/asset-management\/asset-management\/alerts-compliance\/policy-association-to-groups\/","title":{"rendered":"Policy Association to Groups"},"content":{"rendered":"\n<p>Zecurit lets you define granular <strong>alert policies<\/strong> and associate them with <strong>device groups<\/strong>, so that alerts are automatically triggered when defined conditions are met. These alerts serve as early warning indicators for IT teams, helping them monitor changes, threats and compliance issues across the environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Step 1: Associate Policy to Groups<\/strong><\/h2>\n\n\n\n<p>Once an <strong>alert policy<\/strong> is created and published, associate it with the relevant device groups:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to the <strong>Alerts \u2192 Associate Policy<\/strong> tab.<\/li>\n\n\n\n<li>Select one or more <strong>device groups<\/strong> from the list.<\/li>\n\n\n\n<li>Click <strong>\u201cAssociate Policy\u201d<\/strong>.<\/li>\n\n\n\n<li>In the popup window, select from the available <strong>published alert policies<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Associate<\/strong> to apply them to the selected groups.<\/li>\n<\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Only published policies can be associated.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Viewing Policy Count by Group<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the group list, the <strong>Policy Count<\/strong> column shows how many alert policies are assigned to each 
group.<\/li>\n\n\n\n<li>Click the <strong>policy count<\/strong> number to view:\n<ul class=\"wp-block-list\">\n<li>Group details<\/li>\n\n\n\n<li>Associated policy names<\/li>\n\n\n\n<li>Policy type and severity<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Step 2: Alerts Tab: Reviewing Triggered Alerts<\/strong><\/h2>\n\n\n\n<p>Once an associated policy condition is met during an <strong>inventory scan<\/strong>, an <strong>alert is automatically generated<\/strong> and an <strong>email notification<\/strong> is sent to the configured recipients.<\/p>\n\n\n\n<p>Access the alerts from the <strong>Alerts \u2192 Alerts<\/strong> tab.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Alert Table Includes:<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Field<\/strong><\/th><th><strong>Description<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Level<\/strong><\/td><td>Severity of the alert (Critical, High, Medium, Low)<\/td><\/tr><tr><td><strong>Alert Type<\/strong><\/td><td>Type of alert (e.g., Hardware Added, Software Installed, License Expired)<\/td><\/tr><tr><td><strong>Time<\/strong><\/td><td>Timestamp when the alert was triggered<\/td><\/tr><tr><td><strong>Computer Name<\/strong><\/td><td>Name of the device where the condition was detected<\/td><\/tr><tr><td><strong>Alert Message<\/strong><\/td><td>Description of what triggered the alert<\/td><\/tr><tr><td><strong>Remarks<\/strong><\/td><td>Admin can add notes, comments, or investigation steps<\/td><\/tr><tr><td><strong>Status<\/strong><\/td><td>Track resolution with statuses: Open, In Progress, Resolved, Dismissed<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Admins and technicians can update <strong>status<\/strong> and add <strong>remarks<\/strong> for follow-up or escalation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why this feature matters<\/strong><\/h2>\n\n\n\n<p>This alerting system helps 
your IT and Help Desk teams:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Proactively detect and respond<\/strong> to hardware\/software\/configuration changes.<\/li>\n\n\n\n<li><strong>Ensure compliance<\/strong> with internal policies and regulatory standards.<\/li>\n\n\n\n<li><strong>Quickly mitigate threats<\/strong>, such as disabled antivirus or expired certificates.<\/li>\n\n\n\n<li><strong>Track and resolve incidents efficiently<\/strong> with alert statuses and comments.<\/li>\n\n\n\n<li><strong>Integrate with ticketing workflows<\/strong>, using alerts as automated triggers for ticket creation, escalation and resolution tracking.<\/li>\n<\/ul>\n\n\n\n<p>By keeping alerts <strong>group-targeted and actionable<\/strong>, Zecurit ensures <strong>better visibility<\/strong>, <strong>faster response<\/strong> and <strong>smarter management<\/strong> of your endpoint infrastructure.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Alert Status Lifecycle<\/strong><\/h1>\n\n\n\n<p>Zecurit\u2019s <strong>Alert Status Lifecycle<\/strong> helps IT admins and support teams <strong>track, manage and resolve alerts efficiently<\/strong> by organizing each alert through well-defined statuses. 
This system ensures that <strong>critical incidents are acknowledged, investigated and resolved<\/strong> in a structured and auditable manner.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Available Alert Statuses<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Status<\/strong><\/th><th><strong>Purpose<\/strong><\/th><th><strong>When to Use<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Open<\/strong><\/td><td>Default status when an alert is generated<\/td><td>Use this to indicate a newly raised issue that hasn\u2019t been reviewed yet<\/td><\/tr><tr><td><strong>In Progress<\/strong><\/td><td>Assigned for active investigation or troubleshooting<\/td><td>When an admin or technician begins working on the alert<\/td><\/tr><tr><td><strong>Resolved<\/strong><\/td><td>Issue has been fixed or the condition is no longer valid<\/td><td>Use when the root cause has been addressed (e.g., disk space freed, software removed)<\/td><\/tr><tr><td><strong>Dismissed<\/strong><\/td><td>Alert is acknowledged but requires no action<\/td><td>Use for known or non-critical conditions (e.g., approved software installed)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to Manage Alert Status<\/strong><\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to the <strong>Alerts \u2192 Alerts<\/strong> tab.<\/li>\n\n\n\n<li>Select an alert from the list.<\/li>\n\n\n\n<li>Click the <strong>Status dropdown<\/strong> to change the current status.<\/li>\n\n\n\n<li>Optionally, add notes in the <strong>Remarks<\/strong> field for tracking investigation steps, findings, or ticket references.<\/li>\n<\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Status updates are logged in the activity system for audit trails.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Use Cases &amp; Best 
Practices<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Use Case<\/strong><\/th><th><strong>Recommended Status<\/strong><\/th><\/tr><\/thead><tbody><tr><td>New USB device detected on a critical server<\/td><td>Open \u2192 In Progress \u2192 Resolved<\/td><\/tr><tr><td>Antivirus disabled due to user action<\/td><td>Open \u2192 In Progress \u2192 Resolved<\/td><\/tr><tr><td>Prohibited software installed but allowed by exception<\/td><td>Open \u2192 Dismissed<\/td><\/tr><tr><td>License expired but renewal is underway<\/td><td>Open \u2192 In Progress<\/td><\/tr><tr><td>Routine hardware change by IT team<\/td><td>Open \u2192 Dismissed with remarks<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why use Alert Lifecycle?<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keeps teams <strong>accountable<\/strong> by assigning ownership and tracking resolution progress.<\/li>\n\n\n\n<li>Provides <strong>context<\/strong> through remarks for every alert.<\/li>\n\n\n\n<li>Avoids alert fatigue by <strong>dismissing false positives<\/strong> and reducing noise.<\/li>\n\n\n\n<li>Improves <strong>auditability<\/strong> and compliance through status tracking.<\/li>\n\n\n\n<li>Supports <strong>integration with ITSM systems<\/strong>, mapping alert status to ticket workflows.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Access Control<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only users with appropriate permissions (Admin\/Technician) can change alert statuses and add remarks.<\/li>\n\n\n\n<li>All changes are logged under the <strong>Activity Log<\/strong> 
module.<\/li>\n<\/ul>\n","protected":false},"featured_media":0,"parent":2543,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"class_list":["post-2545","docs","type-docs","status-publish","hentry"],"comment_count":0,"_links":{"self":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/comments?post=2545"}],"version-history":[{"count":2,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2545\/revisions"}],"predecessor-version":[{"id":2658,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2545\/revisions\/2658"}],"up":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2543"}],"wp:attachment":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/media?parent=2545"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/doc_tag?post=2545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}