The Endpoint Agent can be monitored using Datto RMM. By creating a policy using the components, administrators can monitor the Windows and Mac agent services. Separate Windows and Mac policies are recommended.
Monitor endpoints - New interface
- Log in to Datto RMM.
- In the menu section, select Sites.
- Click All Sites and select the site name.
- Click Policies.
- Click Create Policy and complete the following fields:
- Name: Custom policy name
- Type: Monitoring
- Based On: New or existing policy
- In the Monitors section, click Add Monitor.
- Under Monitor Type, click Select and choose your Component.
- In the Alert Section, click Select a Component Monitor and choose your components:
- ThreatDown Monitor v2 [MAC] for MacOS
- ThreatDown Monitor v2 [WIN] for Windows
- ThreatDown Monitor v2 [WIN] for Linux
- Optionally configure variables for input to the script:
- WaitTime: Wait x minutes before checking status.
- UDFNum: Update a bookmark or link in the Nebula device to the User Defined Field xx, with a specified number.
TIP - Monitor execution interval should be higher than optional WaitTime variable value.
- Optionally, configure alerts properties.
- Optionally, in the Response section toggle Run a Component and select from the following component to attempt to uninstall or reinstall:
- ThreatDown OneView Endpoint Agent Deployment v2 - [MAC]
- ThreatDown OneView Endpoint Agent Deployment v2 - [WIN]
- ThreatDown OneView Endpoint Agent Deployment v2 - [LINUX]
- ThreatDown OneView Endpoint Agent Deployment v2 - Server [WIN]
- Optionally, toggle Send an email and select Email the following recipients. Then configure for selected recipients.
- Optionally, toggle Send a Webhoook and configure webhoook properties.
- Click Add Monitor.
- In the Targets section click Add Target and choose the Target Type. We recommend using Device Filter.
- Click Save and deploy now.
Monitor endpoints - Old interface
- Log in to Datto RMM.
- From the dashboard, click Sites.
- Click the target site name.
- Click the Policies tab.
- Select New Site Policy, complete the following fields.
- Name: Custom policy name
- Type: Monitoring
- Based On: New or existing policy
- On the new policy page, click Add Target.
- Choose the Target Type. Recommended:
- Default Device Filter
- Choose or indicate the filter options and click Add. Recommended:
- All Windows Desktops & All Windows Servers
- MacOS
- Return to the new policy page, click Add a Monitor.
- From the Monitor Type dropdown, select Component Monitor.
- Click Next.
- From Run the Component monitor dropdown select an operating system component:
- ThreatDown Monitor MacOS
- ThreatDown Monitor Windows
- ThreatDown Monitor Linux
- Optionally configure variables for input to the script:
- WaitTime: Wait x minutes before checking status.
- UDFNum: Update a bookmark or link in the Nebula device to the User Defined Field xx, with a specified number.
TIP - Monitor execution interval should be higher than optional WaitTime variable value.
- Click Next.
- Optionally, select Run the following component to attempt to uninstall or reinstall using Malwarebytes Monitoring. From the dropdown, select an operating system component:
- ThreatDown OneView Endpoint Agent Deployment v2 - [MAC]
- ThreatDown OneView Endpoint Agent Deployment v2 - [WIN]
- ThreatDown OneView Endpoint Agent Deployment v2 - [LINUX]
- ThreatDown OneView Endpoint Agent Deployment v2 - Server [WIN]
- Optionally, select Email the following recipients and configure for selected recipients.
- Click Next.
- Configure monitoring on the Ticket Details page.
- Click Next.
- On the policy page, click Save and Push Changes.
Monitor view examples
The component monitor script verifies the necessary services are running and the anti-malware rules are updated. The information is returned by updating the antivirus status file antivirus.json. For more information about this technique, see Datto Antivirus detection.
{"product":"Malwarebytes","running":true,"upToDate":true}
This status is automatically summarized by Datto for each site in a chart.
When there is an issue, a Sites/Device/Monitor alert is shown.
Viewing the details of the alert will show a Diagnostic Summary in black, describing the issue with the component.
Return to the OneView integration with Datto RMM.