Creating event notifications
You can create event notifications that the user will see on their Android or iOS device. Notifications are sent via push notification, SMS, or email, and only apply to app compliance policy violations.
In the context of MTD threat detection, notifications for server-initiated compliance events are governed and controlled by the MTD console. When the MTD console detects a non-compliant event, it generates a compliance action and sends a message to the affected devices. This is a separate process from compliance notification for the Local Actions policy.
Before you begin
Be sure you have completed Defining an MTD security policy in Ivanti EPMM.
- In the Ivanti EPMM Admin Portal, select Logs > Event Settings.
- Select Add New > Policy Violations Event. The New Policy Violations Event dialog box opens.
- Enter a descriptive name in the Name field, such as MTD – ExploitDetected.
- Scroll down to the Security Policy Triggers section. Select the following fields under the App Control - All Platforms heading:
  - Disallowed app found
  - App found that is not in Allowed Apps list
  - Required app not found
- For iOS devices, scroll down to the iOS section. Select the following fields:
  - Disallowed iOS model found
  - Disallowed iOS version found
  - Compromised iOS device detected
  - iOS Configuration not compliant
  - Restored Device connected to server
  - iOS Location-Based Wakeups disabled by user
  - Device MDM deactivated (iOS 5.0 or later)
- For Android devices, scroll down to the Android section. Select the following fields:
  - Disallowed Android OS version found
  - Compromised Android device detected
  - Device administration not activated for DM client or agent
  - Attestation Failed
- For both iOS and Android devices, scroll down to the Actions section. Under the Alert Configuration heading, configure the following options:
  - Select the radio button next to Limited under Maximum Alerts.
  - Select 1 day from the pull-down menu under Alert Every.
  - Select None or User Only for the Send SMS field.
  - Select User only or User + Admin for the Send Through Push Notification field.
  - In the Apply to Labels field, move a label, such as "MTD--ExploitedDetected", from the Available column to the Selected column.
- Click the Create button next to the Template field. The Add New Event Center Template dialog box opens. Complete the following fields:
  - Enter a name for the template in the Name field. For example, use MTD-ExploitedDetected as a template name.
  - Select a language from the pull-down menu for the Edit Template For field.
  - (Optional) In the Message field, enter text for alerts generated by violations of the compliance policy rule.

Figure 1. Add New Event Center Template window
Table 10. Event Center Variables Support

Variables Supported:
- $SEVERITY - The defined severity of the system event, for example, Information, Warning, or Critical.
- $PHONE_NUMBER - The phone number used by the device.
- $USER_NAME - The display name of the user associated with the device.
- $DEFAULT_POLICY_VIOLATION_MESSAGE - The hard-coded message associated with the policy violation that triggered the alert.

Custom attribute variable substitutions are not supported.
- Click Save to save the template. The New Policy Violations Event page displays.
- Click Save.