McAfee EPOCDE-AA-BA Product Guide - Page 214
18 Responding to events in your network

Default notification rules

Rule Name: Distributed repository update or replication failed
Associated Events: Distributed repository update or replication failed
Configurations: Sends a notification message when any update or replication fails.

Rule Name: Malware detected
Associated Events: Any events from any unknown products
Configurations: Sends a notification message:
• When the number of events is at least 1,000 within an hour.
• At most, once every two hours.
• With the source system IP address, actual threat names, and actual product information, if available, and many other parameters.
• When the number of selected distinct values is 500.

Rule Name: Master repository update or replication failed
Associated Events: Master repository update or replication failed
Configurations: Sends a notification message when any update or replication fails.

Rule Name: Non-compliant computer detected
Associated Events: Non-Compliant Computer Detected events
Configurations: Sends a notification message when any events are received from the Generate Compliance Event server task.

Rule Name: RSD: Query New Rogue Detection
Associated Events: New rogue system detected
Configurations: Queries the newly detected system for a McAfee Agent.

Planning

Before creating rules that send notifications, save time by planning:
• The event type and group (product and server) that trigger notification messages in your environment.
• Who should receive which notification messages. For example, it might not be necessary to notify the administrator of group B about a failed replication in group A, but you might want all administrators to know that an infected file was discovered in group A.
• Which types and levels of thresholds you want to set for each rule. For example, you might not want to receive an email message every time an infected file is detected during an outbreak. Instead, you can choose to have such a message sent at most once every five minutes, regardless of how often that server is receiving the event.
• Which commands or registered executables you want to run when the conditions of a rule are met.
• Which server task you want to run when the conditions of a rule are met.

Determining how events are forwarded

Use these tasks to determine when events are forwarded and which events are forwarded immediately.

The server receives event notifications from McAfee Agents. You can configure agent policies to forward events either immediately to the server or only at agent-to-server communication intervals.

214 McAfee® ePolicy Orchestrator® 4.6.0 Software Product Guide
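The threshold and throttle semantics of the Malware detected default rule and of the planning bullets above, implemented as an added Python example that is not part of the product guide or of ePO itself: a rule aggregates events in a sliding window, fires when the event count or the number of distinct values of a chosen property reaches its threshold, and is then silenced for the throttle interval. The sliding-window behaviour and treating either threshold as sufficient are assumptions, and the sample events are constructed.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, List, Optional

@dataclass
class Event:
    ts: float            # seconds since epoch (constructed sample values below)
    source_ip: str
    threat: str
    product: str

@dataclass
class Rule:
    name: str
    window: float                  # aggregate events "within an hour"
    min_count: int                 # "number of events is at least 1,000"
    throttle: float                # "at most once every two hours"
    distinct_field: Optional[str] = None
    min_distinct: int = 0          # "number of distinct values is 500"
    _recent: Deque[Event] = field(default_factory=deque, repr=False)
    _last_sent: Optional[float] = field(default=None, repr=False)

    def feed(self, ev: Event) -> Optional[dict]:
        self._recent.append(ev)
        while ev.ts - self._recent[0].ts > self.window:   # expire events outside the window
            self._recent.popleft()
        hit = len(self._recent) >= self.min_count
        if self.distinct_field and not hit:   # assumption: either threshold is sufficient
            hit = len({getattr(e, self.distinct_field) for e in self._recent}) >= self.min_distinct
        if not hit:
            return None
        if self._last_sent is not None and ev.ts - self._last_sent < self.throttle:
            return None                       # suppressed by the throttle
        self._last_sent = ev.ts
        # Payload carries the parameters the page lists: source IPs, threat names, products
        return {"rule": self.name, "count": len(self._recent),
                "sources": sorted({e.source_ip for e in self._recent}),
                "threats": sorted({e.threat for e in self._recent}),
                "products": sorted({e.product for e in self._recent})}

def malware_detected_rule() -> Rule:   # thresholds from the "Malware detected" default rule
    return Rule("Malware detected", window=3600, min_count=1000, throttle=7200,
                distinct_field="source_ip", min_distinct=500)

def burst(start: float, n: int, hosts: int, span: float) -> List[Event]:
    # Constructed sample: n detections spread over `span` seconds from `hosts` systems
    return [Event(start + i * span / n, f"10.0.{(i % hosts) // 256}.{(i % hosts) % 256}",
                  ("EICAR-Test-File", "Trojan.Generic")[i % 2], "VirusScan Enterprise")
            for i in range(n)]

def run_rule(rule: Rule, events: List[Event]) -> List[dict]:
    # Feed events in time order and collect only the notifications that were actually sent
    return [n for n in (rule.feed(e) for e in sorted(events, key=lambda e: e.ts)) if n]
```

With the page's thresholds, 1,200 detections from ten systems inside half an hour produce one message, not 1,200, and a second outbreak three hours later produces exactly one more.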