====== Triggers Glossary ======
----
The list below describes all available triggers that can be monitored on the Client Device.

===== sys.reg.value =====
----
//**Definition**//\\
Monitor the value of a specified registry key.

//**Operator**//\\
= ; > ; < ; Contains

//**Value**//\\
String value

//**Parameters**//\\
Specify the path of the registry key

//**Example**//\\
To be notified when 'HKEY_LOCAL_MACHINE\Software\my_key\one_value' takes the value 'XYZ':

  Operator : =
  Value : XYZ
  Parameters : HKEY_LOCAL_MACHINE\Software\my_key\one_value

===== sys.regexist =====
----
//**Definition**//\\
Monitor whether a specified registry key exists or not.

//**Operator**//\\
= ; Contains

//**Value**//\\
True=exists, false=does not exist

//**Parameters**//\\
Specify the path of the registry key

//**Example**//\\
To be notified when the registry key 'my_key' exists:

  Operator : =
  Value : true
  Parameters : HKEY_LOCAL_MACHINE\Software\XcaliburW \my_key

===== sys.gen.result =====
----
//**Definition**//\\
Monitor the output of a shell command (Windows command or custom script).

//**Operator**//\\
= ; Contains

//**Value**//\\
String value

//**Parameters**//\\
Specify the command to use

//**Script File**//\\
If your command uses a script or executable that is not present on the host system, you can select the script or executable here so that it is distributed to the devices along with the rule.

//**Example 1**//\\
To be notified when a ping command doesn't lose any packets:

  Operator : Contains
  Value : 0% Loss
  Parameters : ping www.google.fr

//**Example 2**//\\
To be notified when available RAM is below a specified value (in MB):

  Operator : <
  Value : 150
  Parameters : for /f "tokens=4 delims=: " %i in ('systeminfo ^| find "Available Physical Memory"') do @echo %i

//**Example with script**//\\
To be notified when the CPU temp exceeds 50°:

  Operator : >
  Value : 50
  Parameters : -cpu0
  Script File : getTemperatureCPU.exe

===== sys.serv.started =====
----
//**Definition**//\\
Monitor the current state of a specified service (Started/Stopped).

//**Operator**//\\
= ; Contains

//**Value**//\\
True=started, False=stopped

//**Parameters**//\\
Specify the name of the service

//**Example**//\\
To be notified when the Windows Audio service is started:

  Operator : =
  Value : True
  Parameters : Windows Audio

===== sys.proc.exited =====
----
//**Definition**//\\
Monitor whether a process/application is stopped.

//**Operator**//\\
=

//**Value**//\\
True

//**Parameters**//\\
Specify the process name (without the .EXE extension)

//**Example**//\\
To be notified when the process mspaint is missing:

  Operator : =
  Value : True
  Parameters : mspaint

===== sys.partition.freespace =====
----
//**Definition**//\\
Monitor the free space of a specified disk partition.

//**Operator**//\\
All applicable

//**Value**//\\
Numerical value followed by the unit %, Kb, Mb or Gb

//**Parameters**//\\
Specify the partition letter

//**Example**//\\
To be notified when the free space on the C: partition is less than 10% of the total partition size:

  Operator : <
  Value : 10%
  Parameters : C

===== sys.diskdrive.health =====
----
//**Definition**//\\
Monitor the health of a SMART-enabled hard disk drive.

//**Operator**//\\
= ; Contains

//**Value**//\\
OK ; Error ; Degraded ; PredFail

//**Parameters**//\\
Not applicable

//**Example**//\\
To be notified when the health of the hard disk drive is degraded:

  Operator : Contains
  Value : Degraded
  Parameters :

===== sys.temperature =====
----
//**Definition**//\\
Monitor the motherboard system temperature.

//**Operator**//\\
All applicable

//**Value**//\\
Numerical value followed by the unit °C (default) or °F

//**Parameters**//\\
Not applicable

//**Example**//\\
To be notified when the motherboard temperature is greater than 50°C:

  Operator : >
  Value : 50°C
  Parameters :

===== file.create =====
----
//**Definition**//\\
Monitor the creation of a specified file or directory.

//**Operator**//\\
= ; Contains

//**Value**//\\
The location of the specified file or directory

//**Parameters**//\\
Specify the path of the file or directory

//**Example**//\\
To be notified when the file 'XcaliburW .txt' is created on C:\:

  Operator : Contains
  Value : C:\XcaliburW .txt
  Parameters : C:\

===== file.size =====
----
//**Definition**//\\
Monitor the size of a specified file.

//**Operator**//\\
All applicable

//**Value**//\\
Numerical value followed by the unit Kb, Mb or Gb

//**Parameters**//\\
Specify the path of the file

//**Example**//\\
To be notified when the file size of my_file.txt is greater than 1GB:

  Operator : >
  Value : 1 Gb
  Parameters : c:\UsersAdmin\Desktop\my_file.txt

===== file.exist =====
----
//**Definition**//\\
Monitor whether a specified file or directory exists or not.

//**Operator**//\\
= ; Contains

//**Value**//\\
True=exists, false=does not exist

//**Parameters**//\\
Specify the path of the file or directory

//**Example**//\\
To be notified if the file c:\Windows\explorer.exe does not exist:

  Operator : =
  Value : false
  Parameters : c:\Windows\explorer.exe

===== writefilter.cachesize.current =====
----
//**Definition**//\\
Monitor the cache size of the FBWF Write Filter.

//**Operator**//\\
All applicable

//**Value**//\\
Numerical value followed by the unit %, Kb, Mb or Gb

//**Parameters**//\\
Not applicable

//**Example**//\\
To be notified when the cache size exceeds 90MB:

  Operator : >
  Value : 90 Mb
  Parameters :