You can configure which events and security incidents generate an alert or a ticket in ConnectWise.
When you install the WatchGuard Endpoint Security Plug-in, it automatically installs the required scripts, monitors, and email template for ConnectWise Automate to generate the alerts and tickets.
You can create alerts and tickets for these events:
| Event | Alert Severity | Ticket Priority | Message | Description |
|---|---|---|---|---|
| Protection status error | Error | Critical | WatchGuard protection status error | There is a protection status (advanced protection, knowledge, anti-virus) error on the device. |
| Machines without license | Informational | Critical | Machines without a valid license or over allocated | The device does not have a valid endpoint security product license or there is an over allocation of licenses. |
| Restart required (pending upgrade) | Warning | Normal | Machine pending restart due to protection upgrade | A device requires a restart after the installation of an endpoint security product update. |
| Installation failed | Warning | High | WatchGuard protection installation error | The installation of an endpoint security product on a device has failed. |
| Malware executed | Critical | Critical | Malware executed in the machine | Malware has been executed on a device. |
| PUP executed | Critical | Critical | PUP executed in the machine | Potentially unwanted programs (PUPs) have been executed on a device. |
| Indicator of attack detected | Critical | Critical | Indicator of attack detected in the machine | Confirmed events that are highly likely to be an attack are detected on a device. |
Configure Alerts and Tickets
To configure alerts and tickets:
- Select Configuration > Alerts and Tickets.
- For each event, select the Create Alert check box to generate the alert in ConnectWise.
- For each event, select the Create Ticket check box to generate a ticket in ConnectWise.
- In the Email text box, type the email address that will receive the alert or ticket notification.
- Click Save.