I have some data sources (around 100) that are sending logs to the SIEM every hour.
A few days ago, some systems (3 maybe) were not sending logs to the SIEM.
How can I configure an alarm that triggers when any device does not send logs?
There's an alarm for inactivity. Try that; it never worked for me, btw.
You can do Device Health and Device Failure alerts. I think the device health triggers on flags, and if a data source were to go inactive it should flag the receiver.
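The check the question asks for, as an added example that is not part of the thread and does not use the SIEM's own alarm engine or API: it flags every expected source whose newest event is older than a tolerated number of hourly intervals, including sources that have never reported. The function name, source names and timestamps are constructed, and it assumes the per-source last-event times can be exported from the SIEM by some means.

```python
from datetime import datetime, timedelta, timezone


def find_silent_sources(last_seen, expected, now,
                        interval=timedelta(hours=1), grace=2):
    """Return {source: reason} for every expected source that is overdue.

    last_seen: dict of source name -> datetime of the newest event received
    expected:  all source names that should be reporting (the inventory)
    interval:  how often each source normally sends (hourly in the thread)
    grace:     number of intervals a source may miss before it is flagged
    """
    threshold = interval * grace
    silent = {}
    for name in sorted(expected):
        seen = last_seen.get(name)
        if seen is None:
            # In the inventory but absent from the export: a source that
            # was never onboarded or was dropped would otherwise be missed.
            silent[name] = "never reported"
        elif now - seen > threshold:
            hours = (now - seen).total_seconds() / 3600
            silent[name] = f"silent for {hours:.1f}h"
    return silent


# Constructed sample data: four sources, checked at a fixed point in time.
NOW = datetime(2019, 1, 10, 12, 0, tzinfo=timezone.utc)
EXPECTED = ["dc-01", "fw-01", "ids-01", "proxy-01"]
LAST_SEEN = {
    "fw-01": NOW - timedelta(minutes=20),               # healthy
    "dc-01": NOW - timedelta(days=3),                   # stopped days ago
    "proxy-01": NOW - timedelta(hours=1, minutes=50),   # late, within grace
}

if __name__ == "__main__":
    for source, reason in find_silent_sources(LAST_SEEN, EXPECTED, NOW).items():
        print(f"ALERT {source}: {reason}")
```

Comparing against an inventory of expected sources, rather than only against sources that have sent something, is what catches a device that went quiet before the export window began.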