The list below describes all available triggers that can be monitored on the Client Device.
Definition
Monitor the value of a specified registry key.
Operator
= ; > ; < ; Contains
Value
String value
Parameters
Specify the path of the registry key
Example
To be notified when 'HKEY_LOCAL_MACHINE\Software\my_key\one_value' takes the value 'XYZ':
Operator : = Value : XYZ Parameters : HKEY_LOCAL_MACHINE\Software\my_key\one_value
Definition
Monitor whether a specified registry key exists or not.
Operator
=, Contains
Value
True=exist, false=does not exist
Parameters
Specify the path of the registry key
Example
To be notified when the registry key 'my_key' exists:
Operator : = Value : true Parameters : HKEY_LOCAL_MACHINE\Software\XcaliburW \my_key
Definition
Monitor the output of a shell command (windows command or custom script).
Operator
= ; Contains
Value
String value
Parameters
Specify the command to use
Script File
If your command is using a script or executable that is not present in the host system, you can select the script or executable here so that it is distributed to the devices along with the rule.
Example 1
To be notified when a ping command doesn't lose any packets:
Operator : Contains Value : 0% Loss Parameters : ping www.google.fr
Example 2
To be notified when available RAM is below a specified value (in MB):
Operator : < Value : 150 Parameters : for /f "tokens=4 delims=: " %i in ('systeminfo ^| find "Available Physical Memory"') do @echo %i
Example with script
To be notified when the CPU temp exceeds 50°:
Operator : > Value : 50 Parameters : -cpu0 Script File : getTemperatureCPU.exe
Definition
Monitor the current state of a specified service (Started/Stopped).
Operator
= ; Contains
Value
True=started, False=stopped
Parameters
Specify the name of the service
Example
To be notified when the Windows Audio service is started:
Operator : = Value : True Parameters : Windows Audio
Definition
This trigger allows to monitor if a process/application is stopped.
Operator
=
Value
True
Parameters
Specify the process name (without the .EXE extension)
Example
To be notified when the process mspaint is missing.
Operator : = Value : True Parameters : mspaint
Definition
Monitor the free space of a specified disk partition.
Operator
All applicable
Value
Numerical value followed by the unit %, Kb, Mb or Gb
Parameters
Specify the partition letter
Example
To be notified when the free space on C: partition is less than 10% of the total partition size:
Operator : < Value : 10% Parameters : C
Definition
Monitor the health of Smart-enabled hard disk drive.
Operator
= ; Contains
Value
OK ; Error ; Degraded ; PredFail
Parameters
Not Applicable
Example
To be notified when the health of hard disk drive is degraded:
Operator : Contains Value : Degraded Parameters :
Definition
Monitor the motherboard system temperature.
Operator
All applicable
Value
Numerical value followed by the unit °C (default) or °F
Parameters
Not Applicable
Example
To be notified when the motherboard temperature is greater than 50°C:
Operator : > Value : 50°C Parameters :
Definition
Monitor the creation of a specified file or directory.
Operator
= ; Contains
Value
The location of specified file or directory
Parameters
Specify the path of the file or directory
Example
To be notified when the file 'XcaliburW .txt' is created on C:\:
Operator : Contains Value : C:\XcaliburW .txt Parameters : C:\
Definition
Monitor the size of a specified file.
Operator
All Applicable
Value
Numerical value followed by the unit Kb, Mb or Gb
Parameters
Specify the path of the file
Example
To be notified when the file size of my_file.txt is greater than 1GB:
Operator : > Value : 1 Gb Parameters : c:\UsersAdmin\Desktop\my_file.txt
Definition
Monitor whether a specified file or directory exists or not.
Operator
= ; Contains
Value
True=exists, false=does not exist
Parameters
Specify the path of the file or directory
Example
To be notified if the file c:\Windows\explorer.exe does not exist:
Operator : = Value : false Parameters : c:\Windows\explorer.exe
Definition
Monitor the cache size of the FBWF Write Filter.
Operator
All applicable
Value
Numerical valued follow by the unit %, Kb, Mb or Gb
Parameters
Not applicable
Example
To be notified when the cache size exceeds 90MB:
Operator : > Value : 90 Mb Parameters :