Overview
This node operation allows users to create a Windows Event Policy Condition within a management system. It is designed to define specific conditions based on Windows event logs that trigger policies for monitoring or alerting purposes. This can be useful in IT security and operations scenarios where automated responses or notifications are needed when certain Windows events occur.
For example, an administrator might use this node to create a condition that triggers when a particular event source generates specific event IDs, enabling automated incident response or logging.
Properties
| Name | Meaning |
|---|---|
| Policy Id | Numeric identifier of the policy to which the condition will be added (required). |
| Source | The event source name from Windows event logs (required). |
| Event Ids | JSON array of event IDs to match against (required). |
| Additional Body Fields | Optional fields to further customize the policy condition: |
| - Enabled | Boolean flag to enable or disable the policy condition. |
| - Display Name | A string to set a display name for the policy condition. |
| - Severity | Severity level of the condition; options: NONE, MINOR, MODERATE, MAJOR, CRITICAL. |
| - Priority | Priority level of the condition; options: NONE, LOW, MEDIUM, HIGH. |
| - Channels | JSON array specifying notification channels for the condition. |
| - Scripts | JSON array defining scripts to run with the condition, including runAs user and variables. |
| - Notification Action | Notification action type; options: NONE, SEND. |
| - Notify On Reset | Boolean indicating if notifications should be sent when the condition resets. |
| - Reset Threshold | Number representing reset threshold in seconds. |
| - Text | JSON object defining text-based matching criteria with values, condition type, and inclusion. |
| - Occurrence | JSON object defining occurrence settings: enabled flag, threshold count, and duration in minutes. |
Output
The node outputs JSON data representing the created Windows Event Policy Condition as returned by the API. This typically includes details such as the assigned ID, configured properties, status, and metadata of the newly created condition.
No binary data output is indicated.
Dependencies
- Requires an API key credential for authentication to the AvantGuard NinjaOne service.
- The node uses the base URL and headers configured via credentials.
- Depends on the external AvantGuard NinjaOne API endpoint for creating policy conditions.
Troubleshooting
Common issues:
- Missing required fields like Policy Id, Source, or Event Ids will cause errors.
- Invalid JSON format in fields like Event Ids, Channels, Scripts, Text, or Occurrence may lead to parsing errors.
- Authentication failures due to incorrect or missing API credentials.
- Network connectivity issues to the API endpoint.
Error messages:
- "Missing required parameter" indicates a mandatory property was not provided.
- "Invalid JSON format" suggests malformed JSON input in one of the JSON-type fields.
- "Unauthorized" or "Authentication failed" points to credential problems.
Resolutions:
- Ensure all required properties are filled correctly.
- Validate JSON inputs before execution.
- Verify API credentials and network access.
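The "validate JSON inputs before execution" step can be done as a pre-flight check that applies the constraints in the Properties table. This is an added example, not code from the node or from the NinjaOne API. It assumes the input is keyed by the display names in the table (the API's own field names are not shown on this page), and the event source, event IDs and policy ID in the sample are constructed values.

```javascript
// Keys are the display names from the Properties table, not the API's field names.
const ENUMS = {
  'Severity': ['NONE', 'MINOR', 'MODERATE', 'MAJOR', 'CRITICAL'],
  'Priority': ['NONE', 'LOW', 'MEDIUM', 'HIGH'],
  'Notification Action': ['NONE', 'SEND'],
};
const JSON_FIELDS = { 'Channels': 'array', 'Scripts': 'array', 'Text': 'object', 'Occurrence': 'object' };

// Parse a JSON-type field and check its top-level shape; problems go into errors.
function parseJson(name, raw, shape, errors) {
  let value;
  try {
    value = typeof raw === 'string' ? JSON.parse(raw) : raw;
  } catch (e) {
    errors.push(`${name}: invalid JSON format`);
    return undefined;
  }
  const kind = Array.isArray(value) ? 'array' : typeof value;
  if (kind !== shape || value === null) {
    errors.push(`${name}: expected a JSON ${shape}`);
    return undefined;
  }
  return value;
}

// Returns a list of problems; an empty list means every check passed.
function validateCondition(input) {
  const errors = [];
  const extra = input['Additional Body Fields'] || {};
  for (const name of ['Policy Id', 'Source', 'Event Ids']) {
    if (input[name] === undefined || input[name] === '') errors.push(`${name}: missing required parameter`);
  }
  if (errors.length) return errors;
  if (!Number.isFinite(input['Policy Id'])) errors.push('Policy Id: not numeric');
  const ids = parseJson('Event Ids', input['Event Ids'], 'array', errors);
  // Assumption: at least one ID, each a non-negative integer.
  if (ids && !(ids.length > 0 && ids.every((n) => Number.isInteger(n) && n >= 0))) errors.push('Event Ids: expected a non-empty array of integers');
  for (const [name, allowed] of Object.entries(ENUMS)) {
    if (name in extra && !allowed.includes(extra[name])) errors.push(`${name}: not one of ${allowed.join(', ')}`);
  }
  for (const [name, shape] of Object.entries(JSON_FIELDS)) {
    if (name in extra) parseJson(name, extra[name], shape, errors);
  }
  return errors;
}

// Constructed sample: failed logon (4625) and account lockout (4740) events.
const sample = { 'Policy Id': 42, 'Source': 'Microsoft-Windows-Security-Auditing', 'Event Ids': '[4625, 4740]',
  'Additional Body Fields': { 'Severity': 'MAJOR', 'Priority': 'HIGH', 'Notification Action': 'SEND' } };
```

Run `validateCondition` on the node's input in a preceding step and stop the workflow when the returned list is non-empty.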
Links and References
- Windows Event Log Documentation
- AvantGuard NinjaOne API documentation (refer to your organization's internal API docs or portal)