/build/static/layout/Breadcrumb_cap_w.png

Software Question


Software Detect alert report

03/21/2017 998 views
Hello,
I'm looking for a way to have Kace send an alert or report to me when it detects a certain piece of software installed on any machine? I've already created a daily report but I would like it report me if someone installs it and Kace inventories it. Is there a way?

Thanks

5 Comments   [ + ] Show comments

Comments

  • Are you looking for some kind of "trigger" that would generate and send you a message as soon as the software is detected in inventory?
  • yes that's exactly what I'm looking for. Message could be a report generated. It doesn't have to send a report right away, it could be within 24 hours if a I don't want on computers software is detected
    • You mentioned the daily report you get. Is that already configured for the software you are interested in? If so, you can use that to create a notification and have it send as frequently as every 15 minutes if the criteria is met (in this case, that software has been detected). Otherwise it won't send an e-mail to you.
      • yes that would be perfectly fine. Report I use gets sent every 24 hours but it has the same information over and over again but when information changes, it's hard to notice the changed so it gets missed. So that being said, I use this sql below. This detects any version of Filezilla and it will create a report on which machine has it installed. Now if I could take this and make so it only sends an email say 15 minutes after it's been detected otherwise no report.


        SELECT MACHINE.NAME AS SYSTEM_NAME, USER_FULLNAME,
        USER_LOGGED,
        GROUP_CONCAT(DISTINCT SOFTWARE.DISPLAY_NAME SEPARATOR '\n') AS SOFTWARE_DISPLAY_NAME_GROUPED ,
        GROUP_CONCAT(DISTINCT SOFTWARE.DISPLAY_VERSION SEPARATOR '\n') AS SOFTWARE_DISPLAY_VERSION_GROUPED
        FROM MACHINE
        LEFT JOIN MACHINE_SOFTWARE_JT ON (MACHINE_SOFTWARE_JT.MACHINE_ID = MACHINE.ID)
        LEFT JOIN SOFTWARE ON (SOFTWARE.ID = MACHINE_SOFTWARE_JT.SOFTWARE_ID)
        WHERE (SOFTWARE.DISPLAY_NAME like '%Filezilla%')
        GROUP BY MACHINE.ID ORDER BY SYSTEM_NAME
  • Under Reporting go to Notifications and create a new Notification using that SQL code. Set the frequency to every 15 minutes. If nothing is applicable, you shouldn't get an e-mail. One I have configured for daily notification only e-mails me when the criteria returns a result. Try that and test it out. Assuming it works like the one I set up, you won't e-mails every 15 minutes unless Filezilla is found following an Inventory.
    • when I click new notification, I get create new Device, Discovery, Asset or Monitoring notification. None of these allow me to add SQL
      • I just created a new one (it has been a long time). Create a new Monitoring Notification with the name you want and your e-mail address. Save it. Then go back into the Monitoring Notification you created, then select "To edit the Notification using this editor, click here" which shows you the SQL. You can delete that and paste your SQL code. Then save again.
  • if this works, I will kiss you.
    • Let me know if it does so I can be prepared.
  • it doesn't work. It does send out an email every 15 minutes but it sends out a blank email with Empty columns. Severity, Message, Device, Initial Alert, Latest Alert, Number of alerts and Status. Even though I copy and pasted my own SQL in there, I'm not sure why it has this output.
    • I just tried one and got the same result. I am trying again choosing "Device" for the Type, which I now see my others are using.
      • That worked in so much as I got a report with machine names. So, in my case, selecting Device instead of Monitoring Alerts Notification did the trick.

All Answers

0
You want to look at the ASSET_HISTORY table to find changes to software. Here is a very basic report:
SELECT * FROM ORG1.ASSET_HISTORY 
WHERE
CHANGE_TYPE = "Detected"
and FIELD_NAME = "SOFTWARE"
and DATE(TIME) BETWEEN DATE_SUB(NOW(), INTERVAL 1 DAY) and  DATE(NOW())
and VALUE1 like "%Filezilla%"
If you schedule this report to run daily it will only show computers that KACE detected Filezilla as a new install in the past day. 
Answered 03/22/2017 by: chucksteel
Red Belt

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more

Software Questions

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ