Level 9
Message 1 of 11

Mcafee ATD notification

Dears,

Is there a way to send a notification email when ATD finds a malicious file?

Accepted solution: Message 5 of 11

10 Replies
Reliable Contributor
Message 2 of 11

Re: Mcafee ATD notification

Hi bec3

Nope - you can't configure or send email notifications from ATD. You could however syslog the analysis results out to a SIEM/syslog server and configure email notifications there.

Regards

David
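
An added example, not part of any post in this thread: a minimal relay that turns syslog lines written by a syslog server into alert emails, for the case where no SIEM is available. The line format and the field names `file_name`, `severity` and `submitter` are hypothetical, as are the threshold, addresses and SMTP relay; map them to what your ATD syslog output actually contains.

```python
import json
import smtplib
from email.message import EmailMessage

ALERT_THRESHOLD = 3  # assumption: alert on severity >= 3, tune to your policy

# Constructed sample lines (hypothetical format, not real ATD output):
# a syslog header followed by a JSON object with assumed field names.
SAMPLE_LINES = [
    '<134>Jan 12 10:15:02 atd01 ATD: {"file_name": "invoice.docm", "severity": 5, "submitter": "mail-gw"}',
    '<134>Jan 12 10:16:40 atd01 ATD: {"file_name": "report.pdf", "severity": 0, "submitter": "web-gw"}',
    '<134>Jan 12 10:17:11 atd01 ATD: {"file_name": "x',  # truncated in transit
]

def parse_result(line):
    """Return the JSON payload of a syslog line as a dict, or None."""
    try:
        payload = json.loads(line[line.index("{"):])
    except ValueError:  # no "{" at all, or malformed/truncated JSON
        return None
    return payload if isinstance(payload, dict) else None

def build_alert(result, sender, recipient):
    """Build an alert email, or return None when below the threshold."""
    try:
        severity = int(result.get("severity", -1))
    except (TypeError, ValueError):
        return None
    if severity < ALERT_THRESHOLD:
        return None
    # File names come from analysed samples: strip CR/LF before using in a header.
    name = str(result.get("file_name", "unknown")).replace("\r", " ").replace("\n", " ")
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Sandbox verdict severity {severity}: {name}"
    msg.set_content(json.dumps(result, indent=2))
    return msg

def alerts_for(lines, sender="atd-alerts@example.com", recipient="soc@example.com"):
    parsed = (parse_result(line) for line in lines)
    built = (build_alert(r, sender, recipient) for r in parsed if r is not None)
    return [m for m in built if m is not None]

def send_all(messages, host="localhost", port=25):
    """Deliver alerts through an SMTP relay assumed to accept mail from this host."""
    with smtplib.SMTP(host, port) as smtp:
        for m in messages:
            smtp.send_message(m)
```
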

Level 9
Message 3 of 11

Re: Mcafee ATD notification

Thanks David for the quick response,

Okay, what about TIE? Can we send a notification from TIE when a bad reputation is found?

Reliable Contributor
Message 4 of 11

Re: Mcafee ATD notification

No worries bec3

For TIE, I'm not 100 % sure...

I could check the product guide to confirm it... but since TIE is fully integrated with ePO, I'm pretty sure you can email out notifications for specific TIE events from ePO.

Regards

David

Reliable Contributor
Message 5 of 11

Re: Mcafee ATD notification

Hello,

a) ATD: Sadly no, you CAN only send a THREAT alert with absolutely no info you can USE from reports OR automatic answer. There is INFO under: ATD Event Log Information of the THREAT in EPO but you simply can't use it in standard reports. Maybe possible if you use the EPO-API or go directly to the SQL tables.

b) Sending E-Mail from ATD: We are sadly disappointed that they were unable to INTEGRATE that into release 4.0. There has been a MCAFEE IDEA posted by several people for that. They have the E-Mail/SMTP module so sending an E-Mail should not be a problem. It's three lines of code anyway, so why not? BUT maybe if you buy such a XX-Dollar thing they think you have SIEM (Splunk) or large syslog servers in place with reporting etc.

c) TIE: Yes, for the TIE you can send such an E-mail. Play around with an EVENT (Threat) you see in EPO and try to build an automatic Response.

Here is a sample from ENS 10.5 and TIE. We send an alert when something is blocked.

Info we get BACK from ATD to EPO sample:

Level 10
Message 6 of 11

Re: Mcafee ATD notification

This is highly disappointing. So the information is there but you'll need a SIEM to get at it. Just great.

Reliable Contributor
Message 7 of 11

Re: Mcafee ATD notification

Maybe another option would be to use the ATD API and script a scheduled check that will trigger an email out based on the threat level of the file inspected? And maybe even add some of the report details... But I haven't used the ATD API, so I'm not sure how much you could pull that way and automate the email notification.

Regards

David

Level 10
Message 8 of 11

Re: Mcafee ATD notification

Appreciate it, but we're moving forward with a SIEM product anyhow.

Re: Mcafee ATD notification

Could you please help me understand this issue? What is this threat message about?

Re: Mcafee ATD notification

So could anyone explain what the cause of this event is, where threat_name is "atd_detected_threat", Threat Category is "malware" and threat handled is "no"?

Signature ID: 357-36725, Normalize ID: 1344274432, Event ID: 110537401683

Is it a real threat or an issue with ePO/ATD?

What is this issue exactly?
