Rules Examples

Xcalibur W enables a wide variety of device monitoring scenarios. Several examples are shown below.

Monitoring Rules are intended to anticipate failures and to ensure remote devices remain in the desired state. For successful implementation, take time to understand the triggers and rules that make sense in a particular context.

Hardware : Motherboard Device Temperature

Ensure the system does not exceed the desired temperature range

Trigger : sys.temperature
Operator : >
Value : 40°C
Parameters : -

Operating System : File Size

Monitor the size of the Windows virtual memory paging file

Trigger : file.size
Operator : >
Value : 2 Gb
Parameters : c:\pagefile.sys 

Operating System : Check Antivirus Status

Verify whether the Antivirus software is loaded

Trigger : sys.gen.result
Operator : contains
Value : antivirus
Parameters : wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get /value
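The wmic query above only tells the rule that a product is registered, and its output carries the word "antivirus" only if the product's display name happens to include it. The following PowerShell collector is an added example, not Xcalibur W's own code or output: it queries the same root\SecurityCenter2 class and decodes each product's productState into an explicit token (AV_OK, AV_DISABLED, AV_OUTDATED, AV_MISSING) that a sys.gen.result rule can match with Operator "contains". The productState layout it assumes (six hex digits XXYYZZ, YY = 10 when protection is enabled, ZZ = 00 when definitions are current) comes from widely used community documentation rather than an official specification, so treat it as a heuristic.

```powershell
# Added example, not part of Xcalibur W: decode Security Center antivirus state
# so a rule can match on a stable token instead of a product name.
# Assumption: productState hex layout XXYYZZ (YY=10 enabled, ZZ=00 up to date)
# as documented by the community; Microsoft does not formally specify it.

function Get-AntivirusStatus {
    [CmdletBinding()]
    param()

    $products = Get-CimInstance -Namespace 'root\SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue

    if (-not $products) {
        # Nothing is registered with the Security Center at all.
        return [pscustomobject]@{
            DisplayName = $null; ProductState = $null
            Enabled = $false; UpToDate = $false; Token = 'AV_MISSING'
        }
    }

    foreach ($p in $products) {
        # productState is a 24-bit value; render it as six hex digits.
        $hex      = '{0:x6}' -f [uint32]$p.productState
        $enabled  = $hex.Substring(2, 2) -eq '10'
        $upToDate = $hex.Substring(4, 2) -eq '00'

        $token = if (-not $enabled)  { 'AV_DISABLED' }
                 elseif (-not $upToDate) { 'AV_OUTDATED' }
                 else { 'AV_OK' }

        [pscustomobject]@{
            DisplayName  = $p.displayName
            ProductState = $hex
            Enabled      = $enabled
            UpToDate     = $upToDate
            Token        = $token
        }
    }
}

# One line per product, e.g. "AV_OK Windows Defender 061000".
Get-AntivirusStatus | ForEach-Object {
    '{0} {1} {2}' -f $_.Token, $_.DisplayName, $_.ProductState
}
```

Run it as the Parameters of a sys.gen.result rule (for example `powershell.exe -executionpolicy bypass -file Get-AntivirusStatus.ps1`, a file name assumed here); a rule with Operator "contains" and Value "AV_DISABLED" (or AV_MISSING, AV_OUTDATED) then fires whenever any registered product reports that state, independent of what the product is called.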

Operating System : Registry key change

Monitor the Windows shell using registry key

Trigger : sys.reg.value
Operator : =
Invert : Yes
Value : explorer.exe
Parameters : "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell"

Operating System : Check network connectivity

Report packet losses when pinging a server

Trigger : sys.gen.result
Operator : contains
Invert : Yes
Value : 0% Loss
Parameters : ping

Operating System : Check application freeze

Verify whether Internet Explorer is responding properly

Trigger : sys.gen.result
Operator : contains
Value : iexplore
Parameters : powershell.exe -executionpolicy bypass "Get-Process | Where-Object { $_.responding -eq $false}"

Operating System : Service is down

Audit the status of the Windows Audio service

Trigger : sys.serv.started
Operator : =
Value : False
Parameters : Windows Audio
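To check how the Trigger, Operator, Value and Invert fields combine before deploying a rule, the following PowerShell evaluator is an added example that is not part of Xcalibur W: it reproduces the file.size, sys.reg.value, sys.serv.started and sys.gen.result rules from this page with local collectors. How Xcalibur W itself gathers these triggers is not documented here, so the collectors, the function names Get-TriggerValue and Test-Rule, and the "Registry::" path handling are assumptions made for the example.

```powershell
# Added example, not Xcalibur W code: a local evaluator for rules written in the
# Trigger / Operator / Value / Invert form used on this page.
# Assumptions: collectors approximate each trigger with standard cmdlets;
# sys.reg.value takes "<key path>\<value name>" as in the Winlogon example.

function Get-TriggerValue {
    param([string]$Trigger, [string]$Parameters)

    switch ($Trigger) {
        'file.size' {
            # Size in bytes; pagefile.sys is hidden/system, so -Force is required.
            (Get-Item -LiteralPath $Parameters -Force -ErrorAction Stop).Length
        }
        'sys.reg.value' {
            $key  = Split-Path -Path $Parameters -Parent
            $name = Split-Path -Path $Parameters -Leaf
            (Get-ItemProperty -Path ('Registry::' + $key) -Name $name).$name
        }
        'sys.serv.started' {
            # Parameters is the service display name, e.g. "Windows Audio".
            (Get-Service -DisplayName $Parameters -ErrorAction Stop).Status -eq 'Running'
        }
        'sys.gen.result' {
            # Runs the command line and captures its text; only pass parameters
            # you control, since this executes whatever string it is given.
            (Invoke-Expression $Parameters | Out-String)
        }
        default { throw "unknown trigger '$Trigger'" }
    }
}

function Test-Rule {
    param(
        [string]$Trigger, [string]$Operator, [string]$Value,
        [string]$Parameters = '', [bool]$Invert = $false
    )
    $actual = Get-TriggerValue -Trigger $Trigger -Parameters $Parameters

    $match = switch ($Operator.ToLower()) {
        '>'        { [double]$actual -gt [double]$Value }
        '<'        { [double]$actual -lt [double]$Value }
        '='        { [string]$actual -eq $Value }                  # -eq ignores case
        'contains' { ([string]$actual) -match [regex]::Escape($Value) }
        default    { throw "unknown operator '$Operator'" }
    }
    # "Invert : Yes" flips the outcome: the rule fires when the comparison fails.
    $fires = if ($Invert) { -not $match } else { $match }

    [pscustomobject]@{ Trigger = $Trigger; Actual = $actual; Fires = $fires }
}

# The rules from this page, expressed as evaluator calls.
Test-Rule -Trigger 'file.size' -Operator '>' -Value (2GB) -Parameters 'c:\pagefile.sys'
Test-Rule -Trigger 'sys.reg.value' -Operator '=' -Value 'explorer.exe' -Invert $true `
          -Parameters 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell'
Test-Rule -Trigger 'sys.serv.started' -Operator '=' -Value 'False' -Parameters 'Windows Audio'
Test-Rule -Trigger 'sys.gen.result' -Operator 'contains' -Value 'iexplore' `
          -Parameters 'Get-Process | Where-Object { $_.Responding -eq $false }'
```

The Winlogon call shows the Invert semantics: the comparison succeeds while Shell equals explorer.exe, so with Invert the rule stays quiet in the expected state and fires only when the value has been changed to something else. The service rule needs no Invert because its Value is already the failure state ("False").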