Contextual data needed on change alerts - i.e. computer name on AD domain join count change
under consideration
Jesper Jønsson
We have change notifications sent to Microsoft Teams via webhook, but we often see notifications like "Count of Joined Computers Changed" in "Active Directory". Here we see the count increasing, but we cannot see, for example, the device names. Even when going to the alert, we cannot see the device names. It makes the notification almost useless. The recommended action from the notification is "Action: Review the Computers Joined to the Domain and Verify that the Computers that have been Removed and/or Added were Approved, and have been Documented According to Best Practices." which is impossible without contextual data.
Jesper Jønsson
Hi Daniela. If I understand it correctly, the metric would not show which exact device has changed - leaving us with another big task to compare (which is unrealistic)? If it surfaces a list of devices and shows exactly which one has been removed (with red/green colors), that could be an option. Is this how you expect it to work? The second option (if it works) is not a beautiful solution (compared to just showing the single change), but it might work for now. 🙂
Dani Weisz
Hi Jesper, have you thought about utilizing a metric that returns the device list as part of the rule conditions so that if the names change the names will be the ones surfaced in the ticket? Would that be a step closer to having the context you're looking for?