What’s monitored (MVP)
Eight signals. No alert spam. Each alert has a clear action.
1) Disk space low
Trigger< 10% free or < 15 GB free
ActionIdentify large folders/caches, clean safely, verify backups first.
2) Backup stale
TriggerLast successful backup older than 72h (best effort)
ActionFix target/path, run a test restore (small file).
3) Updates overdue
TriggerCritical OS updates overdue > 14 days (if available)
ActionSchedule patch window, install, reboot, verify.
4) Security protection disabled
TriggerAV/real-time protection off (if available)
ActionEnable, update signatures, quick scan, find the reason it was disabled.
5) Disk encryption off
TriggerBitLocker/FileVault off (if available)
ActionEnable encryption; store recovery keys safely (never via chat).
6) Device offline unexpectedly
TriggerNo heartbeat for 24h (cron)
ActionCheck power/network/VPN; confirm device is active.
7) Reboot/crash loop
Trigger≥ 3 unexpected reboots in 24h (Windows: Event 6008)
ActionCheck disk, drivers, updates; stabilize system.
8) Account risk (optional)
TriggerHigh-risk login / MFA disabled / new admin (if you integrate IdP later)
ActionForce MFA, revoke sessions, audit changes.