1 2 Previous Next 14 Replies Latest reply on Jul 16, 2013 10:45 AM by adamn Go to original post
      • 10. Re: Unable to view results after scan from ePO

        Hi Attila,

         

        I figured out how to control the alerts and have it only send me 1 notification. All I had to do was work with the filters and select this..

         

        Threat Category => Belongs To => Malware Detected

        and Threat Handled => Equals => True/False

        and OS Platform => Equals =>Server

         

        Now that I have that resolved, I just want the title of the email to contain the server name/host name so that I can tell which server has been effected right when I look at my emails. If you have any suggestions please post them, thanks!

         

        *Edit I have found this as well, it is called "Target Host Name"

         

        You have a huge help, thank you Attlia!

         

        - Adam

         

        Message was edited by: adamn on 7/12/13 5:53:53 PM CDT
        • 11. Re: Unable to view results after scan from ePO
          Attila Polinger

          Exactly what is the process again that you developed?

           

          With automatic responses the email can have a variable which is substituted, but I am unsure if you can use any variable/dtabase substitue with server tasks...

          Which one do you use?

          • 12. Re: Unable to view results after scan from ePO

            Hi Attlia,

             

            I'm not exactly sure if I understand your question, but this is what i've done to resolve all my issues. I have not been using any server tasks throughout my project, I have only been using client tasks. I've been using client tasks to install Virus Scan Enterprise on my servers and perform scans on my servers. I then created a new contact on the ePO server so that I can select myself when setting up the response emails. When I set up the email responses/notifications I went to automatic responses, clicked new response and then configured my own response. I selected my own filters, aggregation and actions. Under "Actions" I select my email (This is from the contact I created) then I added a couple variables to show which servers currently have threats on them. For example, I put {listOfTargetHostName} in my subject line of the automatic response so that I will be able to see the server name in the email. For the body of the email I added {responseRuleName} to show which response has triggered and {listOfTargetFileName} to show which file has been threatend.

            • 13. Re: Unable to view results after scan from ePO
              Attila Polinger

              Hi Adam,

               

              this was just what I needed to know as during the conversation thread I became unsure which method you would be taking (I knew you started with client tasks, I was unsure if you stayed with automatic responses).

              I think now you have managed to finalize the whole thing and you can run client tasks and can view/get nofitied of the results properly.

               

              I just suggested using server task since automatic response does not offer event query option it just reacts to a certain event and I thought you were interested in seeing the scan results for a given client but cannot see those results - of a client scan task -  at the client Threat events in the gui.

               

              Anyway I am glad its ok now for you.

              • 14. Re: Unable to view results after scan from ePO

                Hi Attlia,

                 

                Yeah, I stuck with the client tasks and automatic responses, didn't touch server tasks. Everything is working smooth at the moment, but if something happens i'll be sure to post on the discussion board, thanks for clarifying and for all the help!

                 

                -Adam

                1 2 Previous Next