This article covers how to deploy the Webroot application to devices using Naverisk, monitor that the Webroot service is running, and configure alerts to be sent from the Webroot console to generate tickets in Naverisk.
Deploying Webroot to devices
A script pack is available that will check a device to see if Webroot is currently installed, and will install it if not present. This script can be run on demand, or triggered using a scheduled task.
If not already available in your Naverisk console, download the Webroot Auto Installer script pack from the Routine Store. In Naverisk, go to Settings > Script Packs and click Upload Script Packs to import the Webroot script pack. This would normally be imported to the top level of your Client Tree, so that it is available to devices at all your clients.
Before deploying the script pack, you must update it with your Webroot license key. The deployment will fail if the license key is not set in the script pack.
Obtain your Webroot license key. It will be in the form XXXX-XXXX-XXXX-XXXX-XXXX
Edit the script pack, enter your license key under Parameters
Save the script pack. It is now ready for use. Should your license key change, you will need to update the script pack accordingly.
Monitoring the Webroot Service
A Device Role is available on the routine store that checks that the Webroot service is running. Should it stop for any reason, an alert will be raised in Naverisk.
Download the Device Role from the routine store, and import it into Settings > Device Roles. Copy the device role to all clients that require Webroot service monitoring.
Add the device role to the desired devices either by adding it to the applicable Device Types, or individually to each device under the Monitoring tab.
Configuring Alerts
Webroot endpoints communicate directly to the Webroot console when events such as threats being detected occur. It is easy to configure the console to send these alerts to Naverisk so that your AV monitoring/alerting can be consolidated in one location.
In the Webroot console, click on the Alerts tab and create a new alert.
Name the alert, and select the required alert type. This would typically be Threat Detected, however you can also configure alerts for other events such as Endpoint Installed.
Under Recipients, enter the email address you are using for incoming support emails in Naverisk.
Select the desired Sites. This allows you to create separate alerts for different sites/clients if required
You can customise the template used for the email by adding attributes from the list at the bottom of the window.
These could be used in conjunction with the Naverisk Automation Rules by testing on the values populated by these attributes - for example, test for site name to assign the client in Naverisk.
Once configured, whenever an event is received by the Webroot console, an email will be sent to Naverisk that will raise a support ticket. This frees your engineers from having to monitor the Webroot console as well as Naverisk for AV alerts.