Navigating the Admin page
SECURITY Datto EDR subscription with administrator-level platform access or Datto AV subscription with administrator-level platform access
BEFORE YOU BEGIN The type of subscription you have may define the features available to you on this page. For a comprehensive overview of features available to Datto EDR and Datto AV customers, refer to Datto EDR and Datto AV access control.
From the Admin page, you can manage the users in your Datto EDR or Datto AV instance, configure integrations and webhooks, personalize global settings, and more.
This article describes the page's layout and functions.
Overview
-
To access the Admin page, in the top navigation menu, click > Admin.
-
When the page loads, you'll notice that the Users & Tokens view is selected by default, displaying a list of all admin, analyst, and integration users in the instance.
-
As you navigate, you'll see the following features and fields:
Left navigation pane
The following links are available in the page's left navigation pane. Clicking any link opens a dedicated management page for the selected feature. Select a topic to continue.
Page features
From the Users & Tokens page, you can add and remove users, view their activity logs, and issue & revoke API tokens.
Feature | Definition |
Users |
Switches to the user management view |
API Tokens |
Switches to the API token management view |
Add User |
Click to begin the user creation workflow; learn more in our Adding new users to Datto EDR and Datto Antivirus (AV) article |
Create new token |
Add a new token to the EDR instance; review Generating Datto EDR API tokens to get started |
Column definitions (Users view)
Column header | Definition |
Email address of the user; click to change the account's permissions | |
Role | The user's level of privilege within the Datto EDR instance; for additional information, refer to Adding new users to Datto EDR and Datto Antivirus (AV) |
Last Login | Last time and date that the user accessed the platform |
Action menu; click to view the user's activity or delete the account |
Column definitions (API Tokens view)
Column header | Definition |
Name |
The description of the API token |
User | Email account associated with the token |
Created | Date and time of the token's creation |
Expires | Date and time of the token's expiration |
Deletes the selected token |
The Activity page contains a journal of all user and system activity taking place in your EDR instance.
Column definitions
Column header | Definition |
User |
The login name or system identifier of the user performing the action |
Item |
Classification of the object affected by the action |
Action |
Type of action taken |
Item ID |
Object ID associated with activity, if applicable |
On | Date and time that the activity took place |
From the Integrations page, you can configure Datto EDR to automatically create tickets in your PSA platform when an agent generates an alert. You can also make alerts available for collection and relay to the destination syslog, Splunk, or Elastic log server of your choice.
To learn more about its features, refer to Understanding the Integrations page.
The Webhooks page provides administrators with the ability to create, delete, and view logged errors for all webhooks created for the current tenant.
Page features
Feature | Definition |
Add Webhook |
Click to begin the webhook creation workflow; review our Creating Datto EDR webhooks article to learn more |
Column definitions
Column header | Definition |
Name |
Name of the webhook, as defined by the user who created it |
Method | Communication method used by the webhook |
Description | Details about the webhook's purpose and function |
Action menu; click to delete the webhook or view all errors logged for it |
From the Jobs page, you can view statistical data about recent jobs run in the tenant and the outcome of those jobs.
Page features
Feature | Definition |
Jobs graph |
Illustrates the jobs run in the tenant, number of times they were run, and the status of each (created, active, completed, failed, canceled, expired) |
The Notifications page enables you to create alert policies that will send email notifications to designated recipients if the rule matches specific organizations or locations. You can also create custom subject lines that include variables to surface specific details about the alert.
Page features
Feature | Definition |
Search |
Enter a partial or whole value to filter current view to matching records |
Delete |
Deletes the selected notification or notifications |
Add Notification |
Click to begin the notification creation workflow; refer to Creating scheduled notifications to learn more |
Column definitions
Column header | Definition |
Name |
The name of the policy |
Subject | Subject line the notification email will contain |
Organization | The organization to which the alert policy applies |
Location | The location to which the alert policy applies |
Updated By | Most recent user who updated the policy |
Created On | The date and time of the policy's creation |
Updated On | The most recent date and time at which the policy was updated |
Active | Click the icon in this field to activate or deactivate the policy; indicates that the policy is active; indicates that the policy is inactive |
Creating scheduled notifications
BEFORE YOU BEGIN For information about subscribing to email digests of alerts surfaced by Datto EDR and Datto AV, refer to Configuring email alerts.
To create a new alert notification policy, perform the following steps:
-
In the Admin page's left navigation pane, select Notifications.
-
On the admin page, click Add Notification.
-
The Alert Notification editor will load. Complete the following configurations. Refer to the below image for all numbered steps:
-
Click the Active toggle to activate or deactivate the policy.
-
In the Name field, enter a brief description that clearly identifies the policy's purpose.
-
Select the frequency at which the policy will send alert notifications to the recipients.
-
Define the email subject line that will appear in notifications delivered by this policy. The field supports the following variables:
Variable | Definition |
%organization% | Organization name |
%location% | Location name |
%severity% |
Alert severity |
%type% |
Type of alert (such as Rule, Reputation, etc.) |
%name% |
Name of the alert |
-
Select the organization or location to which this alert notification policy will apply.
-
Enter each email address to whom the alert notifications should be delivered, one at a time. Click Add after completing each entry in the Recipients field. To remove all added recipients and start over, click Clear list.
-
Click Save. If you set the policy to Active state, it will immediately begin sending notifications to the recipients you defined.
You can use registration keys to register, enable and add devices to a location automatically during deployment of the Datto Endpoint Security agent. You'll manage those keys from this page.
The registration key is assigned to upon successful install. You have two options for adding agents to a location: automatically via agent registration keys, or by manual assignment on the Agents page.
Page features
Feature | Definition |
Search |
Enter a partial or whole value to filter current view to matching records |
Add New Registration Key |
Begins the registration key creation workflow; to learn more, refer to Assigning devices to a location |
Assign to Location |
Click to assign selected keys or all keys in the current view to a specific location NOTE Reassigning a device between monitored locations will remove the device from the original location. |
Delete |
Delete selected keys or all keys in the current view |
Column definitions
Column header | Definition |
Key |
UUID of the registration key |
Location |
Location with which the key is associated; learn more in Creating and managing organizations, locations, and devices |
Created By |
Username of the analyst or administrator who created the key |
Created On |
Date and time of the key's creation |
Action menu; click to delete the selected registration key |
The Downloads page provide links to the latest version of the Datto Endpoint Security agent installer for your platform. For deployment instructions, refer to Deploying the Datto Endpoint Security agent.
Flags are a system option that you can use to categorize the reputation weights that Datto EDR applies to files that it analyzes during the scan process, helping you to better understand the context of an alert and take appropriate action. You can add and manage flags from this page.
NOTE To learn how to add, change, or remove flags from objects, refer to Leveraging the File Detail page.
Page features
Feature | Definition |
Add Flag |
Begins the flag creation workflow |
Column definitions
Column header | Definition |
Color |
The flag's user-defined color |
Name |
Assigned name of the flag |
Weight |
Reputation weightage to which this flag applies |
Deletes the selected flag |
From the Settings page, you can customize the tenant's location monitoring and file analysis behavior, and enable or disable geolocation restrictions for support access.
Page features
Feature | Definition |
Location Monitoring |
Designate the time at which the daily differential collection for monitored locations should occur NOTE Processes, memory, scripts, and accounts are tracked in real time; all other objects are collected at the time of the daily differential. |
Automated File Analysis Settings |
|
Uninstall Protection Settings |
Enable to prevent users from uninstalling the Endpoint Security agent without providing a valid security token; on uninstall attempt, a challenge prompt will appear on the endpoint requiring the user to input the value defined in the Uninstall Token field |
Restrict Infocyte Support to Personnel in the United States |
Select to restrict Datto EDR support access to users based in the United States |
The Account Information page provides information about your Datto EDR license for the current tenant. From here, you can also designated a preferred maintenance window, enter contact information, and customize your company logo.
Page features
Feature | Definition |
License Details |
Provides the name, license type, number of seats, expiry date for the current account, and the average number of unique endpoints recorded by Datto EDR's subscription servers as active within the tenant over the last 30 days. |
Logo |
Add, edit, or delete the logo that appears in the upper right corner of the Executive Threat Report; maximum supported file size is 100 MB |
Tenant Information |
Provides your customer number and enables you to designate when your tenant will be upgraded during a new release |
Main, Technical, and Billing Contact |
Enables you to specify individual points of contact within your organization for the designated roles |
From the Extensions page, you can create and manage custom collection and response extensions capable of performing specific actions on endpoints in your environment.
Page features
Feature | Definition |
Extensions |
Switches to the extension management view |
Global Variables |
Switches to the variables management view |
Add Extension |
Begins the extension creation workflow; to learn more, review our Leveraging collection and response extensions article |
Add Variable |
Begins the variable creation workflow |
Search |
Enter a partial or whole value to filter current view to matching records |
Infocyte Extension Docs |
Opens the GitHub extension developer documentation |
Column definitions (Extensions view)
Extensions are executable files that run with administrative privileges on your endpoints. They are capable of performing response actions or collecting endpoint data.
Column header | Definition |
Name |
Name of the extension |
Type of extension; possible values are collection or response; for further details, refer to Collection extensions and Response extensions |
|
Active | Click the icon in this field to activate or deactivate the extension; indicates that the extension is active; indicates that the extension is inactive |
Default | Click the icon in this field to run the extension automatically during the daily scan; indicates that the extension will run; indicates that the extension will not run |
Last Modified | The time and date the extension was last updated |
Versions | Indicates how many versions of this extension have existed in your Datto EDR instance; version number iterates each time the extension is modified |
Author | The name of the author who created the extension |
Admin Only | Indicates whether this extension is only available for use by administrators |
Action menu; click to delete or view previous versions of the extension |
Column definitions (Global Variables view)
Global variables simplify development by providing the capability to create, assign values to, and reference variables within extensions.
Column header | Definition |
Name |
Name of the variable |
Type of variable; possible values are text, secret, boolean, and number |
|
Value | The parameters of the variable |
Action menu; click to delete the variable |