Contents

Changelog

New: Slack Notification Grace Period

September 1st, 2021

Today, when a device fails a Check, Kolide immediately schedules a Slack message to be sent to an end-user during their next notification window (the next weekday afternoon in their local time).

For many Checks, this is desired; Kolide has caught a serious problem, and you want to let the user know about it quickly. Sometimes though, this approach can feel a bit punitive. For example, if Kolide detects a Windows device is missing an important update that was just released, you may want to give the user at least a few days to take care of the problem before triggering a reminder.

To help with this use case, we are excited to introduce a new feature called Notification Grace Periods. When a grace period is configured for a Check, Kolide will generate a failure as soon as it detects a problem but will hold the notification sent to the end-user until the grace period has expired.

To configure a grace period, go to the Check’s configuration page and ensure the Notify Device Owner strategy is selected. If it is, a new dropdown will appear where you can choose how many days you’d like Kolide to wait before notifying the end-user. When the grace period expires, we will notify them during their next notification window.

We highly recommend choosing a delay on any checks where the user’s failing state is temporary and will likely be resolved by the end-user within a few days. The Windows and macOS missing important update Checks are great candidates for this new feature.

To help admins better understand the state of a Failure with a grace period, we updated the failure details sidebar to show when the end-user was first notified and when Kolide first detected it. We’ve also added the first notified time to the table view and the failures API as first_notified_owner_at.

While we do not proactively notify end-users about failures in the grace period, we still allow motivated users to see these failures if they wish when interacting with the Kolide Slack app. If a user has failures that meet this requirement, they will see an option to view those failures in their Slack app home tab, or when they type the status command.

We hope you find this new feature useful. As always, we welcome your questions and comments.

Share this story:

More articles you
might enjoy:

Changelog
New: Custom Slack Messages for Checks
Kolide
Changelog
More Slack App Improvements and Settings
Kolide
Changelog
Our New CrowdStrike Falcon Check
Jason Meller
Watch a Demo
Watch a Demo