Good day. I am looking to create an alert for when a computer is on our network with a hostname starting as "WIN", for an alert to be sent out. What would be the best way to create such wildcard alert? Thanks
You can create a static watchlist with static values for hostnames starting with WIN or a dynamic watchlist that pulls all the hostnames starting with WIN. You can use a regex for this in the dynamic watchlist.
If you are using a Static watchlist you will have to use the filter 'Host'.
If you are using a Dynamic watchlist, you will have to select ESM strings in the Source tab & then enter a regex expression.
This Watchlist can then be used in a Field match Alarm & the respective device can be selected in the field match alarm.
Thus you will get an alarm for changes on any computer on your network starting with the hostname WIN.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.