McAfee EPOCDE-AA-BA Product Guide - Page 212
18 Responding to events in your network

About using Automatic Responses

The complete set of event types for which you can configure an automatic response depends on the software products you are managing with your ePolicy Orchestrator server. By default, your response can include these actions:

• Create issues
• Execute server tasks
• Run external commands
• Run system commands
• Send email messages
• Send SNMP traps

Both the event categories that generate a notification message and the frequency with which such messages are sent are highly configurable. This feature is designed to create user-configured notifications and actions when the conditions of a rule are met. These include, but are not limited to:

• Detection of threats by your anti-virus software product. Although many anti-virus software products are supported, events from VirusScan Enterprise include the IP address of the source attacker so that you can isolate the system infecting the rest of your environment.
• Outbreak situations. For example, 1000 virus-detected events are received within five minutes.
• High-level compliance of ePolicy Orchestrator server events. For example, a repository update or a replication task failed.
• Detection of new rogue systems.

Automatic Responses and how it works

Before you plan the implementation of Automatic Responses, you should understand how this feature works with ePolicy Orchestrator and the System Tree. This feature does not follow the inheritance model used when enforcing policies.

Automatic Responses use events that occur on systems in your environment and are delivered to the server, together with the response rules configured for the group that contains the affected systems and for each parent group above it. If the conditions of any such rule are met, the designated actions are taken, per the rule's configuration.

212 McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide
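The rule evaluation described above, as an added example: a simplified Python model, not ePolicy Orchestrator code. The group names, rule names and the sliding-window counting are assumptions made for illustration; the actions and the 1000-events-in-five-minutes threshold come from the text.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    event_type: str
    threshold: int      # matching events needed before the rule triggers
    window_s: float     # length of the counting window, in seconds
    action: str
    seen: deque = field(default_factory=deque)

    def offer(self, event_type, ts):
        """Count one event; return True when the threshold is met in the window."""
        if event_type != self.event_type:
            return False
        self.seen.append(ts)
        while self.seen and ts - self.seen[0] >= self.window_s:
            self.seen.popleft()          # forget events older than the window
        if len(self.seen) < self.threshold:
            return False
        self.seen.clear()                # one burst triggers the rule once
        return True

@dataclass
class Group:
    name: str
    parent: "Group | None" = None
    rules: list = field(default_factory=list)

def respond(group, event_type, ts):
    """Offer the event to rules on the system's group and each parent above it."""
    fired, node = [], group
    while node is not None:
        for rule in node.rules:
            if rule.offer(event_type, ts):
                fired.append((node.name, rule.name, rule.action))
        node = node.parent               # sibling groups are never consulted
    return fired

def demo():
    # Constructed System Tree: two sibling groups under one root (hypothetical names).
    root = Group("My Organization")
    servers, laptops = Group("Servers", root), Group("Laptops", root)
    root.rules.append(Rule("Outbreak", "virus-detected", 1000, 300, "Send SNMP traps"))
    servers.rules.append(Rule("Any detection", "virus-detected", 1, 300, "Send email messages"))
    fired = []
    for i in range(1000):                # constructed events, alternating between groups
        fired += respond(servers if i % 2 == 0 else laptops, "virus-detected", i * 0.2)
    return fired
```

In this model the root rule counts events from both child groups and triggers once, on the 1000th event, while the rule on Servers triggers only for events from systems in that group.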