cancel
Showing results for 
Search instead for 
Did you mean: 

Need to configure Alert when ERC is not receiving logs or when it is down

Need to create a alarm when ERC is down and also similar for the other component in the SIEM

Please help in creating alarm for the same.

2 Replies
Reliable Contributor akerr
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: Need to configure Alert when ERC is not receiving logs or when it is down

In the ESM alarms page, create an alarm with type "Device Status Change" checking the appropriate boxes (likley warning, critical, and connection) and set the devices you want to be alerted on.

Reliable Contributor sssyyy
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Need to configure Alert when ERC is not receiving logs or when it is down

if it's done, you can use device failure. not receiving logs I need this too, but from previous experience, the built-in status alarm doesn't work.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator