AgentSkillsCN

Alerts

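Use this skill when you need to manage NinjaOne alerts: viewing active conditions, dismissing alerts, and understanding alert severity levels. Alerts indicate device issues that require prompt technician attention.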

SKILL.md
--- frontmatter
description: >
  Use this skill when working with NinjaOne alerts - viewing active conditions,
  dismissing alerts, and understanding alert severity levels. Alerts indicate
  device issues that require technician attention.
triggers:
  - ninjaone alert
  - ninjarmm alert
  - ninja condition
  - device alert ninja
  - dismiss alert ninja
  - clear alert ninja
  - critical alert ninja

NinjaOne Alert Management

Overview

Alerts in NinjaOne indicate conditions on devices that require attention. They're generated by monitoring policies when thresholds are exceeded or conditions are detected.

Alert vs Condition

  • Condition: An active state on a device (e.g., disk space low)
  • Alert: A notification generated when a condition is triggered

Conditions persist until resolved; alerts can be dismissed independently.

API Endpoints

Get Device Alerts

```http
GET /api/v2/device/{id}/alerts
Authorization: Bearer {token}
```

Returns active alerts for a specific device.

Reset/Dismiss Alert

```http
DELETE /api/v2/alert/{uid}
Authorization: Bearer {token}
```

Dismisses an alert by its unique identifier. The underlying condition may still exist if not resolved.

Alert Structure

```json
{
  "uid": "alert-uuid-12345",
  "deviceId": 123,
  "message": "Disk space on C: below 10%",
  "severity": "CRITICAL",
  "priority": "HIGH",
  "sourceType": "CONDITION",
  "sourceConfigUid": "condition-config-id",
  "createTime": "2024-02-15T10:30:00Z"
}
```

Severity Levels

| Severity | Description | Typical Response |
| --- | --- | --- |
| CRITICAL | Service impacting, requires immediate attention | Immediate |
| MAJOR | Significant issue, high priority | Within 1 hour |
| MODERATE | Notable issue, medium priority | Within 4 hours |
| MINOR | Low impact issue | Within 24 hours |
| NONE | Informational only | As time permits |

Priority Levels

| Priority | Description |
| --- | --- |
| HIGH | Escalate immediately |
| MEDIUM | Standard priority |
| LOW | Address when convenient |
| NONE | No action required |

Common Alert Types

Hardware Alerts

| Condition | Typical Threshold | Severity |
| --- | --- | --- |
| Disk space low | < 10% free | CRITICAL |
| Disk space warning | < 20% free | MAJOR |
| Memory pressure | > 90% used | MAJOR |
| CPU sustained high | > 95% for 15 min | MODERATE |
| SMART disk warning | Any SMART error | MAJOR |

Service Alerts

| Condition | Description | Severity |
| --- | --- | --- |
| Service stopped | Critical service not running | CRITICAL |
| Service restart loop | Multiple restarts detected | MAJOR |
| Service degraded | Running but errors detected | MODERATE |

Security Alerts

| Condition | Description | Severity |
| --- | --- | --- |
| Antivirus disabled | Protection not running | CRITICAL |
| Definitions outdated | AV definitions old | MAJOR |
| Failed login attempts | Multiple failures | MODERATE |
| Firewall disabled | Windows firewall off | MAJOR |

Connectivity Alerts

| Condition | Description | Severity |
| --- | --- | --- |
| Device offline | No agent contact | CRITICAL |
| Intermittent connection | Frequent reconnects | MODERATE |
| High latency | Network performance issues | MINOR |

Webhooks for Alerts

Configure webhooks to receive real-time alert notifications:

Configure Webhook

```http
PUT /api/v2/webhook
Content-Type: application/json
```

```json
{
  "url": "https://your-server.com/webhook/ninjaone",
  "events": ["ALERT_TRIGGERED", "ALERT_CLEARED"]
}
```

Remove Webhook

```http
DELETE /api/v2/webhook
```

Webhook Payload

```json
{
  "event": "ALERT_TRIGGERED",
  "alert": {
    "uid": "alert-uuid",
    "deviceId": 123,
    "message": "Disk space critical",
    "severity": "CRITICAL"
  },
  "device": {
    "id": 123,
    "displayName": "SERVER-01",
    "organizationId": 456
  },
  "timestamp": "2024-02-15T10:30:00Z"
}
```

Common Workflows

Daily Alert Review

  1. Query alerts across all devices
  2. Filter by severity (CRITICAL first)
  3. Review each alert context
  4. Take action or dismiss
  5. Document resolution

Alert Triage

  1. Check severity and priority
  2. Identify affected device and org
  3. Determine if automated fix possible
  4. Create ticket if manual intervention needed
  5. Dismiss alert after resolution

Mass Alert Dismissal

After scheduled maintenance:

  1. Filter alerts by time range
  2. Identify maintenance-related alerts
  3. Bulk dismiss expected alerts
  4. Review remaining alerts
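
The mass-dismissal steps above, as an added example (not NinjaOne's or the skill author's code): it clears only alerts created inside the maintenance window, on devices under maintenance, from an allow-list of expected conditions, so a security alert raised during the window stays in the review queue. The `sourceConfigUid` allow-list, the device set, the helper names and the sample alerts are assumptions constructed for illustration; the code only plans the `DELETE /api/v2/alert/{uid}` calls and sends nothing.

```python
from datetime import datetime, timezone

# Severity order from the page's table, most urgent first.
RANK = {s: i for i, s in enumerate(["CRITICAL", "MAJOR", "MODERATE", "MINOR", "NONE"])}

def parse_ts(value):
    """Parse the UTC timestamp format shown in the alert structure."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def plan_dismissals(alerts, start, end, devices, expected_configs, reason):
    """Split alerts into (dismiss, review) for one maintenance window.

    An alert is dismissed only if it was created inside the window, on a
    device that was under maintenance, by a condition on the allow-list.
    Everything else stays for review, most severe first.
    """
    dismiss, review = [], []
    for alert in alerts:
        expected = (
            start <= parse_ts(alert["createTime"]) <= end
            and alert["deviceId"] in devices
            and alert.get("sourceConfigUid") in expected_configs
        )
        if expected:
            # Audit record: which alert is cleared, by which call, and why.
            dismiss.append({
                "uid": alert["uid"],
                "request": f"DELETE /api/v2/alert/{alert['uid']}",
                "message": alert["message"],
                "reason": reason,
            })
        else:
            review.append(alert)
    # Unknown severities rank first so they are never buried.
    review.sort(key=lambda a: RANK.get(a.get("severity"), -1))
    return dismiss, review

def _alert(uid, device, message, severity, config, created):
    return {"uid": uid, "deviceId": device, "message": message, "severity": severity,
            "sourceType": "CONDITION", "sourceConfigUid": config, "createTime": created}

# Constructed sample data; the config UIDs are hypothetical.
SAMPLE_ALERTS = [
    _alert("a-1", 123, "Device offline", "CRITICAL", "cfg-offline", "2024-02-15T10:30:00Z"),
    _alert("a-2", 124, "Disk space warning", "MAJOR", "cfg-disk", "2024-02-15T13:00:00Z"),
    _alert("a-3", 123, "Antivirus disabled", "CRITICAL", "cfg-av", "2024-02-15T10:40:00Z"),
    _alert("a-4", 124, "Device offline", "CRITICAL", "cfg-offline", "2024-02-15T10:35:00Z"),
]
```

Keeping the returned `dismiss` records alongside the ticket covers the "Document dismissals" practice, and a 404 on a planned call means the alert may already be dismissed.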

Best Practices

  1. Don't ignore alerts - Address or dismiss, never leave stale
  2. Set appropriate thresholds - Avoid alert fatigue
  3. Document dismissals - Note why alert was cleared
  4. Use webhooks - Get real-time notifications
  5. Review periodically - Audit alert policies quarterly

Error Handling

| Code | Description | Resolution |
| --- | --- | --- |
| 404 | Alert not found | May already be dismissed |
| 403 | Access denied | Check organization permissions |
| 400 | Invalid request | Verify alert UID format |

Related Skills