Understanding the Integrations page
NAVIGATION > Admin > Integrations
SECURITY Datto EDR subscription with administrator-level platform access
From the Integrations page, you can configure Datto EDR to automatically create tickets in your PSA platform when an agent generates an alert. You can also make alerts available for collection and relay to the destination syslog, Splunk, or Elastic log server of your choice.
This article describes the page's layout and functions.
NOTE If you prefer to receive alerts via webhooks, refer to Creating Datto EDR webhooks.
Overview
-
To access the Admin page, in the top navigation menu, click > Admin > Integrations.
-
When the page loads, you'll see the following features and fields.
Page features
Feature | Definition |
Business Management & Ticketing |
Enables you to connect Datto EDR to supported Professional Services Automation (PSA) solutions and stay on top of critical alerts automatically; for more information, refer to Configuring the BMS & Vorex integration, Configuring the VSA 10 integration, and Configuring the Autotask integration |
Enables you to manage the relay hosts that make Datto EDR alert logs available for collection by syslog, Splunk, or Elastic relay hosts; refer to the Alert Collectors section of this article for feature and field definitions |
|
Alert Relays |
Manage the log relay hosts that facilitate agentless alert collection on behalf of the Datto EDR cloud service; to learn more about this feature, refer to Alert Relays |
Alert collectors and relays
Clicking the name of any alert collector integration opens its dedicated management page. When the page loads, you'll see the following features and fields.
Syslog, Elastic, and Splunk page features
Feature | Definition |
Add Syslog Collector |
Click to add a new relay host; when prompted, enter a user-friendly server name for the integration, select the port on which to make the alerts available, select object types, and click Save |
Syslog, Elastic, and Splunk column definitions
Column header | Definition |
Server | User-friendly name of the server; click to edit or make configuration changes |
Port |
Assigned port to which Datto EDR will make the logs available |
Enabled |
Click the icon in this field to activate or deactivate the collector; indicates that the collector is active; indicates that the collector is inactive |
Action menu; click to delete the selected collector |
The Alert Relays feature enables management of the log relay hosts within your network that facilitate agentless alert collection on behalf of the Datto EDR cloud service. When enabled, agent alerts for each controller are relayed to the destination syslog, Splunk, or Elastic log server of your choice.
Before you can begin log collection, you'll need to set up a server integration. For more information, refer to Alert Collectors.
IMPORTANT Controllers are supported on Microsoft Windows Server 2012+ hosts and workstations with Windows 7+. Log servers must have .NET version 4.5.1 or up installed. For help with the installation and management of alert relays, please Technical Support.
Page features
Feature | Definition |
Search |
Enter a partial or whole value to filter current view to matching records |
Filter |
Filter current view by controller authorization status |
Enable |
Enable selected controllers or all controllers in the current view |
Disable |
Disable selected controllers or all controllers in the current view |
Action menu; click to delete the selected controller |
Column definitions
Column header | Definition |
ID | UUID assigned to the log server by Datto EDR |
Name |
User-friendly name of the server; click the pencil icon to edit |
Host |
Assigned hostname and IP address of the endpoint |
Operating System |
Operating system installed on the endpoint |
Authorized | Enables you to permit or prevent a relay from connecting to your EDR instance and retrieving alerts |
Last Seen | Last date and time that the EDR platform received telemetry from the host |
Active | Indicates whether the selected log relay is active |
Action menu; click to disable, delete, or fetch logs from the selected controller |