Threshold Alerts
Number of Files Copied
Track and receive alerts when an unusual number of files are copied to an endpoint, offering an additional layer of protection against data theft or accidental data exposure.
- Alerts are triggered when the number of files copied to an endpoint exceeds a predefined threshold (e.g., 100) within a specific timeframe (e.g., an hour).
- Each event is logged in the Windows event log, ensuring it can be detected and acted upon by the RMM system.
- The MSP can investigate the incident further by remotely accessing the system and reviewing the file transfers for potential threats or violations.
This alert helps MSPs keep track of unusual file copying activity, enabling them to quickly respond to suspicious behavior and maintain a secure environment for their clients.
Number of Files Deleted
Monitor and receive alerts for when an unusual number of files are deleted from an endpoint, adding an important safeguard against potential data loss or unauthorized file removal.
- Alerts are triggered when the number of files deleted exceeds a defined threshold (e.g., 100 files) within a set timeframe (e.g., one hour).
- Each alert generates an event log entry that can be detected and reviewed by the RMM system.
- MSPs can then remotely access the endpoint to investigate and take appropriate action if necessary.
This alert empowers MSPs to stay vigilant about potentially harmful file deletion activity, enabling them to take swift action to prevent accidental or malicious data loss and protect their clients' critical information.
Number of Files Written to a USB Drive
Track and alert on the number of files written to a USB drive to help identify unusual or unauthorized data transfers.
- Alerts activate when the number of files written to a USB drive surpasses a set threshold (e.g., 100 files) within a specific time window (e.g., one hour).
- Each alert triggers an event log entry that can be picked up by the RMM system for monitoring.
- MSPs can use the generated alerts to remotely check the endpoint and investigate suspicious activity.
This alert feature helps MSPs monitor data transfers to USB devices, providing an essential tool to detect potential data exfiltration or unauthorized file copying. By using this alert, MSPs can respond proactively to ensure the security and integrity of client data.
Number of Files Read from a USB Drive (Excluding Specific File Types)
Monitor and alert on the number of files read from a USB drive, excluding common file types like JPG, PDF, and Office documents, to detect unusual data access patterns.
- Alerts are triggered when the number of non-standard files (excluding JPG, PDF, and Office files) accessed from a USB drive exceeds a preset threshold (e.g., 50 files) within a specified timeframe (e.g., one hour).
- This event generates an entry in the event log, which can be captured by the RMM system for detailed analysis.
- MSPs can utilize these alerts to remotely examine the system and investigate potential security issues.
This threshold alert offers MSPs the capability to identify abnormal data reading behavior from USB drives, helping to detect unauthorized data access or potential breaches. By focusing on non-standard file types, this alert ensures that typical document usage (such as viewing PDFs or Office files) does not trigger false positives, allowing MSPs to maintain effective monitoring without unnecessary alerts.
Number of Files Accessed by Extension
This alert helps MSPs monitor and respond to the volume of files accessed by specific extensions to identify potential unauthorized data access or suspicious activity.
- The alert is triggered when the number of files accessed with a specific file extension (e.g., .exe, .zip, .docx) surpasses a preset limit (e.g., 100 files) within a designated timeframe (e.g., one hour).
- When this threshold is exceeded, an event log entry is generated and can be picked up by the RMM system for further analysis and response.
- MSPs can leverage this data to investigate abnormal file access patterns and determine whether they indicate legitimate use or a potential security threat.
This threshold alert enables MSPs to maintain better oversight of file access on client systems by focusing on file types that may indicate high risk, such as executables or compressed archives. It allows for targeted monitoring that can highlight unusual activity without impacting performance or generating excessive false positives.
Number of Files Created
This alert helps MSPs track excessive file creation, which could signify unusual or unauthorized activity, such as automated scripts, ransomware, or misconfigured processes.
- The alert triggers when the number of files created exceeds a defined threshold (e.g., 100 files) within a specific timeframe (e.g., one hour).
- Once activated, an event log entry is generated for the RMM system to capture and notify the MSP.
- MSPs can investigate whether the activity is expected or a sign of a potential issue requiring intervention.
By monitoring file creation, MSPs can identify suspicious activity early, ensuring that clients' systems remain secure and operational while minimizing potential risks.
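The counting logic behind the alerts above can be sketched as a sliding-window detector. This is an added example, not the product's own code: the action names, the Office extension list, per-extension counting for the "access" rule, and the alert record are assumptions, and writing the alert to the Windows event log is left out.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed rule table: action -> (threshold, ignored extensions, count per extension).
# Thresholds and the one-hour window are the page's example values.
OFFICE = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
RULES = {
    "copy": (100, set(), False),
    "delete": (100, set(), False),
    "create": (100, set(), False),
    "usb_write": (100, set(), False),
    "usb_read": (50, {".jpg", ".pdf"} | OFFICE, False),
    "access": (100, set(), True),
}
WINDOW = timedelta(hours=1)

class ThresholdDetector:
    def __init__(self, rules=RULES, window=WINDOW):
        self.rules, self.window = rules, window
        self.events = defaultdict(deque)  # (endpoint, action, ext) -> timestamps
        self.alerted = set()              # keys currently above their threshold

    def observe(self, ts, endpoint, action, path):
        # Returns an alert dict on the event that crosses the threshold, else None.
        if action not in self.rules:
            return None
        threshold, ignored, per_ext = self.rules[action]
        ext = PureWindowsPath(path).suffix.lower()
        if ext in ignored:  # excluded types never count toward the threshold
            return None
        key = (endpoint, action, ext if per_ext else None)
        q = self.events[key]
        q.append(ts)
        while ts - q[0] > self.window:  # drop events older than the window
            q.popleft()
        if len(q) <= threshold:
            self.alerted.discard(key)  # re-arm once the count falls back
            return None
        if key in self.alerted:  # one alert per crossing, not one per file
            return None
        self.alerted.add(key)
        return {"endpoint": endpoint, "action": action, "ext": key[2], "count": len(q), "time": ts}

def scan(events):
    # events: iterable of (timestamp, endpoint, action, path) in time order.
    det = ThresholdDetector()
    return [a for e in events if (a := det.observe(*e))]

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)  # constructed sample: 60 non-standard USB reads
    print(scan([(t0 + timedelta(seconds=i), "PC-01", "usb_read", f"E:\\x\\f{i}.bin") for i in range(60)]))
```

The duplicate suppression matters in practice: without it, every file after the threshold would raise another event for the RMM to ingest.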