Set up threshold-based alarms for servers monitored without an installed agent, using either WMI for Windows servers or SNMP for network-attached devices. Alarm rules can be configured at a group level or directly on individual monitored devices.
Agentless monitoring in Cloudmon covers two methods: WMI, which polls Windows servers directly using Windows Management Instrumentation without requiring an installed agent, and SNMP, which polls network-attached devices using the Simple Network Management Protocol. Both methods support the same alarm rule structure, and the available metrics depend on the monitoring method and template assigned to the device.
There are two ways to configure alarm rules for agentless monitored devices:
Each alarm is built around a simple IF/THEN model, where you select a metric, set a threshold, and define what happens when it is breached. Learn more.
Below are recommended alarm configurations for the most common agentless monitoring scenarios, covering WMI monitored devices:
| Use Case | Method | Metric | Suggested Threshold | Why |
| Windows server CPU under sustained load | WMI | CPU Utilisation | Above 90% for 2 intervals | Identifies Windows servers running at capacity before application performance degrades for users. |
| Windows server memory pressure | WMI | Memory Utilisation | Above 85% for 2 intervals | Catches sustained memory pressure on Windows servers before it causes paging, slowdowns, or service crashes. |
| Disk nearly full on Windows server | WMI | Disk Utilisation | Above 85% for 1 interval | Prevents application failures caused by event logs, databases, or temp files filling the disk on agentlessly monitored servers. |
| Network device high CPU | WMI | CPU Utilisation | Above 80% for 3 intervals | High CPU on a router or switch indicates traffic storms, routing loops, or DDoS activity that could destabilise the network. |
| Interface bandwidth saturated | WMI | Interface Utilisation | Above 80% for 2 intervals | Identifies uplinks or WAN interfaces approaching capacity before congestion causes packet loss and latency for users. |
| Network device memory exhaustion | WMI | Memory Utilisation | Above 85% for 2 intervals | Low memory on network devices causes routing table instability, dropped BGP sessions, and increased packet processing errors. |
| Windows network activity spike | WMI | Network Activity | Above expected baseline for 2 intervals | Unusual network spikes on a Windows server can indicate data exfiltration, a misconfigured backup job, or a rogue process. |
Once saved, all triggers for a device are listed in the Triggers table under the Alarm Rule section. Each row shows the trigger title, alarm severity, whether notifications are configured, whether a third-party service is linked, and whether a script is set to run. Triggers can be edited or deleted at any time using the action icons on the right.
To apply consistent alarm coverage across all WMI or SNMP devices of the same type, save the rule as a reusable template under Settings → Configurations → Alarm Rules and associate it to a group. This ensures every device of that type is covered without individual configuration.