What’s monitored (MVP)
Eight core signals. No alert spam. Every alert tells you what to do.
1) Device offline / agent unreachable
Trigger: No heartbeat longer than the agreed window (e.g., 15–60 min).
Action: Check power/network/VPN, wake the device. If it’s critical: act now.
2) Backup stale or failing
Trigger: Last successful backup older than the threshold or repeated failures.
Action: Check target/credentials/space. Run a small test restore. Verify again.
3) Security updates overdue
Trigger: Critical OS/security updates overdue (e.g., > 14–30 days).
Action: Schedule a patch window, install, reboot, then verify status.
4) Protection disabled (AV/Firewall)
Trigger: Real-time protection/firewall off or signatures very old (if available).
Action: Enable, update, run a quick scan. Find why it was disabled (policy/user/malware).
5) Disk encryption off / recovery key missing
Trigger: BitLocker/FileVault off or recovery key not stored (if available).
Action: Enable encryption and store the recovery key safely (never via chat).
6) Suspicious file activity (ransomware/exfiltration)
Trigger: Unusual spikes in file changes/renames or risky processes.
Action: Triage immediately: stop suspected processes, check network/VPN, isolate if needed.
7) Disk space critical (with trend)
Trigger: < 10% free or < 15 GB free and/or fast consumption (trend).
Action: Find large folders/caches and clean safely. Don’t break backups or updates.
8) Admin/privilege risk
Trigger: New admin, protection policy changes, or unusual login patterns (if available).
Action: Audit changes, enforce MFA, revoke sessions, reset privileges.
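How signals 1 and 7 could be evaluated, as an added example that is not the product's own code. The 30-minute heartbeat window, the 7-day time-to-full cutoff standing in for "fast consumption", the field names and the sample devices are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed values: the page gives ranges/examples, not fixed settings.
HEARTBEAT_WINDOW = timedelta(minutes=30)  # page: "e.g., 15-60 min"
MIN_FREE_PCT, MIN_FREE_GB = 10.0, 15.0    # page: "< 10% free or < 15 GB free"
MAX_DAYS_TO_FULL = 7.0                    # assumption: meaning of "fast consumption"

def gb_per_day(samples):
    """Least-squares slope of free GB over time in days (negative = filling up)."""
    if len(samples) < 2:
        return 0.0
    t0 = samples[0][0]
    xs = [(t - t0).total_seconds() / 86400 for t, _ in samples]
    ys = [gb for _, gb in samples]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    var = sum((x - mx) ** 2 for x in xs)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / var if var else 0.0

def evaluate(device, now):
    """Return (signal, action) pairs; action text is taken from the list above."""
    alerts = []
    if now - device["last_heartbeat"] > HEARTBEAT_WINDOW:
        alerts.append(("device_offline", "Check power/network/VPN, wake the device."))
    samples = device["free_gb_samples"]
    free_gb = samples[-1][1]
    free_pct = 100 * free_gb / device["disk_total_gb"]
    slope = gb_per_day(samples)
    days_to_full = free_gb / -slope if slope < 0 else float("inf")
    if free_pct < MIN_FREE_PCT or free_gb < MIN_FREE_GB or days_to_full < MAX_DAYS_TO_FULL:
        alerts.append(("disk_space_critical", "Find large folders/caches and clean safely."))
    return alerts

# Constructed sample telemetry (not real data).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
def _daily(values):
    return [(NOW - timedelta(days=len(values) - 1 - i), v) for i, v in enumerate(values)]
DEVICES = {
    "laptop-a": {"last_heartbeat": NOW - timedelta(minutes=5), "disk_total_gb": 500,
                 "free_gb_samples": _daily([120, 100, 80, 60])},   # 12% free, shrinking fast
    "laptop-b": {"last_heartbeat": NOW - timedelta(hours=2), "disk_total_gb": 500,
                 "free_gb_samples": _daily([200, 200, 200, 200])}, # offline, disk stable
    "laptop-c": {"last_heartbeat": NOW - timedelta(minutes=5), "disk_total_gb": 500,
                 "free_gb_samples": _daily([40, 40, 40, 40])},     # 8% free, no trend
}

if __name__ == "__main__":
    for name, dev in DEVICES.items():
        print(name, evaluate(dev, NOW))
```

The trend check matters for laptop-a: it is above both static thresholds, but at the measured rate it fills in about three days, so it alerts before the 10% line is crossed.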
Notifications (scaled, not spammy)
Free: dashboard link + in‑app hints (optional: digest).
Pro: real‑time notifications (email/webhook) for critical events.