Configuring Alerts
Status Rules are the heart of ShadowControl's monitoring. These rules set the thresholds that ShadowControl uses to alert administrators about a change in EndPoint status. ShadowControl provides settings for:
ShadowControl includes a default status rule policy with some rules active and others disabled, but ShadowControl administrators should modify the default settings to address their specific needs. For example, an administrator may create a unique status rule policy called "DB Server" that has rule thresholds appropriate for this type of EndPoint. The administrator can then assign this policy to all database server EndPoints to make sure each is monitored consistently.
Severity and State
ShadowControl alerts operate on the concept of severity and state:
- Severity: Defines how serious ShadowControl should consider a rule violation. Most status rules let the administrator define the severity of a given rule, either Warning or Critical. When an EndPoint violates a rule, the severity determines the resulting state of the EndPoint.
- State: Defines the current condition of the EndPoint, based on the status rules, if any, it has violated. EndPoint state equals that of the most severe rule it has violated. Violating a Warning rule results in a "Warning" (Yellow) state, and violating a Critical rule results in a "Critical" (Red) state.
Important! ShadowControl automatically upgrades an EndPoint's state once it passes a previously violated rule, as long as no other rule violation prevents this.
State-Based Alerts
ShadowControl bases its alerting on EndPoint state, not on rule violations: it sends an alert when the EndPoint's state changes, not each time a rule is violated. For example, if an EndPoint violates a Warning rule, it enters a Warning state and ShadowControl issues an alert. If the same EndPoint then violates another Warning rule, ShadowControl does nothing, because the state is unchanged. However, if the same EndPoint then violates a Critical rule, it enters a Critical state and ShadowControl issues another alert.
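The following added example (not ShadowControl code) models the state-based alerting described above and replays a constructed sequence of rule events to show which violations raise an alert and which pass silently. The rule names are hypothetical, and the model assumes that a return to a less severe state also counts as a state change that triggers an alert.

```python
from enum import IntEnum

class State(IntEnum):
    OK = 0
    WARNING = 1
    CRITICAL = 2

def replay(events):
    """Replay (action, rule, severity) events for one EndPoint.

    action is "violate" or "pass". Returns (alerts, silent, final_state):
    alerts are (rule, old_state, new_state) tuples emitted on a state change,
    silent lists violations that changed nothing and so raised no alert.
    """
    violated = {}              # rule name -> severity of rules currently violated
    state = State.OK
    alerts, silent = [], []
    for action, rule, severity in events:
        if action == "violate":
            violated[rule] = severity
        else:                  # rule passes again, so it no longer counts
            violated.pop(rule, None)
        # EndPoint state equals the most severe rule currently violated.
        new_state = max(violated.values(), default=State.OK)
        if new_state != state:
            # Assumption: any state change alerts, including an improvement.
            alerts.append((rule, state.name, new_state.name))
            state = new_state
        elif action == "violate":
            silent.append(rule)
    return alerts, silent, state

# Constructed sample events; rule names are hypothetical, not ShadowControl's.
SAMPLE_EVENTS = [
    ("violate", "backup_age", State.WARNING),     # OK -> WARNING, alert
    ("violate", "disk_space", State.WARNING),     # still WARNING, no alert
    ("violate", "last_contact", State.CRITICAL),  # WARNING -> CRITICAL, alert
    ("pass", "last_contact", State.CRITICAL),     # back to WARNING
    ("pass", "backup_age", State.WARNING),        # disk_space still violated
    ("pass", "disk_space", State.WARNING),        # back to OK
]

if __name__ == "__main__":
    alerts, silent, final = replay(SAMPLE_EVENTS)
    for rule, old, new in alerts:
        print(f"ALERT  {old} -> {new} (triggered by {rule})")
    print("No alert for:", ", ".join(silent))
    print("Final state:", final.name)
```

The silent list is the operational point: an alert reports a state change, not a complete list of problems, so treat each alert as a prompt to review every rule the EndPoint currently violates.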
Organizations and Status Rule Policies
Organizations and Status Rule Policies allow granular and flexible control over which EndPoints in an organization use which rule policy. For example, EndPoints can be divided into organizations based on location: New York, London, Tokyo. The EndPoints in each of these organizations can then be assigned different policies (a Server Policy, a PC Policy, or a Laptop Policy) rather than a single organization-wide policy.