
Software Detect alert report

Hello,
I'm looking for a way to have Kace send an alert or report to me when it detects a certain piece of software installed on any machine. I've already created a daily report, but I would like it to report to me if someone installs it and Kace inventories it. Is there a way?

Thanks


5 Comments
  • Are you looking for some kind of "trigger" that would generate and send you a message as soon as the software is detected in inventory? - rockhead44 7 years ago
  • Yes, that's exactly what I'm looking for. The message could be a generated report. It doesn't have to send a report right away; it could be within 24 hours if software I don't want on computers is detected. - sam240 7 years ago
    • You mentioned the daily report you get. Is that already configured for the software you are interested in? If so, you can use that to create a notification and have it send as frequently as every 15 minutes if the criteria is met (in this case, that software has been detected). Otherwise it won't send an e-mail to you. - rockhead44 7 years ago
      • Yes, that would be perfectly fine. The report I use gets sent every 24 hours, but it has the same information over and over again, and when the information changes, it's hard to notice the change, so it gets missed. That being said, I use the SQL below. This detects any version of Filezilla and it will create a report on which machines have it installed. Now if I could take this and make it so it only sends an email, say, 15 minutes after it's been detected, otherwise no report.


        SELECT MACHINE.NAME AS SYSTEM_NAME, USER_FULLNAME,
        USER_LOGGED,
        GROUP_CONCAT(DISTINCT SOFTWARE.DISPLAY_NAME SEPARATOR '\n') AS SOFTWARE_DISPLAY_NAME_GROUPED ,
        GROUP_CONCAT(DISTINCT SOFTWARE.DISPLAY_VERSION SEPARATOR '\n') AS SOFTWARE_DISPLAY_VERSION_GROUPED
        FROM MACHINE
        LEFT JOIN MACHINE_SOFTWARE_JT ON (MACHINE_SOFTWARE_JT.MACHINE_ID = MACHINE.ID)
        LEFT JOIN SOFTWARE ON (SOFTWARE.ID = MACHINE_SOFTWARE_JT.SOFTWARE_ID)
        WHERE (SOFTWARE.DISPLAY_NAME like '%Filezilla%')
        GROUP BY MACHINE.ID ORDER BY SYSTEM_NAME
        - sam240 7 years ago
  • Under Reporting go to Notifications and create a new Notification using that SQL code. Set the frequency to every 15 minutes. If nothing is applicable, you shouldn't get an e-mail. One I have configured for daily notification only e-mails me when the criteria returns a result. Try that and test it out. Assuming it works like the one I set up, you won't get e-mails every 15 minutes unless Filezilla is found following an Inventory. - rockhead44 7 years ago
    • when I click new notification, I get create new Device, Discovery, Asset or Monitoring notification. None of these allow me to add SQL - sam240 7 years ago
      • I just created a new one (it has been a long time). Create a new Monitoring Notification with the name you want and your e-mail address. Save it. Then go back into the Monitoring Notification you created, then select "To edit the Notification using this editor, click here" which shows you the SQL. You can delete that and paste your SQL code. Then save again. - rockhead44 7 years ago
  • if this works, I will kiss you. - sam240 7 years ago
    • Let me know if it does so I can be prepared. - rockhead44 7 years ago
  • It doesn't work. It does send out an email every 15 minutes, but it sends out a blank email with empty columns: Severity, Message, Device, Initial Alert, Latest Alert, Number of alerts and Status. Even though I copied and pasted my own SQL in there, I'm not sure why it has this output. - sam240 7 years ago
    • I just tried one and got the same result. I am trying again choosing "Device" for the Type, which I now see my others are using. - rockhead44 7 years ago
      • That worked insomuch as I got a report with machine names. So, in my case, selecting Device instead of Monitoring Alerts Notification did the trick. - rockhead44 7 years ago

Answers (1)

Posted by: chucksteel 7 years ago
Red Belt
0
You want to look at the ASSET_HISTORY table to find changes to software. Here is a very basic report:
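SELECT * FROM ORG1.ASSET_HISTORY
WHERE
CHANGE_TYPE = "Detected"
and FIELD_NAME = "SOFTWARE"
-- Compare the full timestamp so the window covers the last 24 hours;
-- DATE(TIME) truncates to midnight and drops yesterday's rows.
and TIME >= DATE_SUB(NOW(), INTERVAL 1 DAY)
and VALUE1 like "%Filezilla%"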
If you schedule this report to run daily it will only show computers that KACE detected Filezilla as a new install in the past day. 
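
The thread above settles on a 15-minute notification while this answer looks back one day, so the sketch below (an added example, not part of the original posts and not KACE code) shows why the look-back should match the schedule. It uses an in-memory SQLite table as a stand-in that borrows the column names from the query above; the DEVICE column, the "Removed" value and all rows are constructed assumptions.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows. CHANGE_TYPE, FIELD_NAME, TIME and VALUE1 come from
# the answer's query; DEVICE and the "Removed" value are hypothetical.
ROWS = [
    ("PC-01", "Detected", "SOFTWARE", "2024-05-01 09:10:00", "FileZilla Client 3.66"),
    ("PC-02", "Detected", "SOFTWARE", "2024-05-03 08:52:00", "FileZilla Client 3.67"),
    ("PC-03", "Detected", "SOFTWARE", "2024-05-03 08:55:00", "7-Zip 23.01"),
    ("PC-04", "Removed", "SOFTWARE", "2024-05-03 08:58:00", "FileZilla Client 3.60"),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ASSET_HISTORY "
               "(DEVICE TEXT, CHANGE_TYPE TEXT, FIELD_NAME TEXT, TIME TEXT, VALUE1 TEXT)")
    db.executemany("INSERT INTO ASSET_HISTORY VALUES (?,?,?,?,?)", ROWS)
    return db

def new_detections(db, pattern, now, lookback_minutes):
    """Devices where `pattern` was newly detected in (now - lookback, now]."""
    since = now - timedelta(minutes=lookback_minutes)
    cur = db.execute(
        "SELECT DEVICE FROM ASSET_HISTORY "
        "WHERE CHANGE_TYPE = 'Detected' AND FIELD_NAME = 'SOFTWARE' "
        "AND VALUE1 LIKE ? AND TIME > ? AND TIME <= ? ORDER BY TIME",
        (f"%{pattern}%", since.strftime(FMT), now.strftime(FMT)))
    return [row[0] for row in cur]

def simulate(db, pattern, first_run, runs, every_minutes, lookback_minutes):
    """Device names each scheduled run would e-mail (empty list = no e-mail)."""
    out = []
    for i in range(runs):
        now = first_run + timedelta(minutes=i * every_minutes)
        out.append(new_detections(db, pattern, now, lookback_minutes))
    return out

if __name__ == "__main__":
    db = build_db()
    start = datetime(2024, 5, 3, 8, 45)
    # Look-back equal to the schedule: each detection is reported once.
    print("15-minute look-back:", simulate(db, "Filezilla", start, 3, 15, 15))
    # One-day look-back on a 15-minute schedule: the same device repeats.
    print("24-hour look-back:  ", simulate(db, "Filezilla", start, 3, 15, 1440))
```

The half-open window `(now - lookback, now]` is what keeps a detection from landing in two consecutive runs or in none.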