I'm trying to figure out an easy way to create an email alert from all high severity correlated events. In the field match I don't have that field available.
I'm running version 9.3.1.
You will probably have to create another correlation rule that looks at the other correlation events and triggers when the severity exceeds your threshold.
Ugly I know but the filters on alarms are a bit primitive compared with other parts of the product and this has generally been the approach which gets some traction for me.