How to create a rule to send an email notification on Authentication directory failures

Version 1

    Note:  Please reference community article ""https://community.mcafee.com/community/business/email_web/webgateway/blog/2011/0 5/18/have-you-ever-wondered-what-incidents-inside-mwg-are"" for the incidents available.

    Per that document, we are going to specify a range of Incident.ID greater than or equals 900, AND less than or equals 999.

     

    1. Navigate to 'Policy' -> Rule Sets (tab) -> Error Handler.
    2. Expand out the 'Default' error handler rule set.
    3. Click to 'Add' a new rule set, and select 'Rule Set from Library'.  There, click to 'Import from file'.
    4. Browse to the rule set that is attached to this article, below. 
    5. You likely will see a 'Conflict'.  Click to 'Auto-Solve Conflicts', and then 'Solve by referring to existing objects'.
    6. Next, move the rule set called 'Monitor Authentication directory connection' to the relative location as shown in the screenshot below:
    7.  

      Monitor_Authentication_directory_connection-location.JPG

       

    8. Next, click to 'Edit' the rule called 'Send Email for Notification'.
    9. After, click on the '4.Events' section, and click to edit the 'Email.Send...' event.
    10. In the 'Edit Event' dialog box, click on 'Parameters'.
    11. Update 'Parameter 1', with the recipient email address, then click OK.
    12. Back in the 'Edit Event' dialog box, you'll note the 'Settings' drop down.  This will allow you to select your email server information.  Click to 'Edit' the applicable setting container, with the required email sever information.
    13. Click OK, and then click OK again on the rule, and then save your changes, and you are all set to go!