cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Geraint
Level 8
Report Inappropriate Content
Message 1 of 8

Automatic Response for threat is not working

Jump to solution

I've set up automatic responses for threat alerts but they are failing to send. Emails for all my scheduled reports are coming through but not automatic responses. I've tested this by setting up automatic responses for browser navigation and its sending nothing. I see that this has been an issue previously [2019, not working on parent groups, only on individual groups] but I've tested this and it still fails to work. Any thoughts or testing suggestions are welcome.

1 Solution

Accepted Solutions
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: Automatic Response for threat is not working

Jump to solution

What version of epo and update level are you running?  There is one issue fixed in update 5 for epo 5.10 

Issue: Automatic Responses are not triggered when multiple subgroups are defined in the filter criteria.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

7 Replies
aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: Automatic Response for threat is not working

Jump to solution

I  would start looking if the events are arriving to the ePO/DB, for that please take a look at the below article:

https://kc.mcafee.com/corporate/index?page=content&id=KB53035

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 8

Re: Automatic Response for threat is not working

Jump to solution

Some of it also depends on how you have the response set up.  Can you show screenshots of the settings for it?  Don't post the page that shows your email server, just the other settings for what it is supposed to trigger on and how it is aggregated.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Geraint
Level 8
Report Inappropriate Content
Message 4 of 8

Re: Automatic Response for threat is not working

Jump to solution

Thank you.

I've attached a screenshot of the test which I have set up as a 'Client' event type. The automatic response I want to configure will be for the parent folder and for threat event types but for this test which failed on the parent group I have drilled down to a sub-group.

aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: Automatic Response for threat is not working

Jump to solution

Thank you, now lets see if the ePO server is receiving events for those machines.

On any machine that belong to those groups, if you click on it on the system tree and then on the Threat Events tab, do you see the desired events? or even on the actual threat event log?, here is a screenshot of the tab i mean:

 

1.png

 

 

Geraint
Level 8
Report Inappropriate Content
Message 6 of 8

Re: Automatic Response for threat is not working

Jump to solution

I have checked and yes the events are being received by the ePO server.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: Automatic Response for threat is not working

Jump to solution

What version of epo and update level are you running?  There is one issue fixed in update 5 for epo 5.10 

Issue: Automatic Responses are not triggered when multiple subgroups are defined in the filter criteria.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

Geraint
Level 8
Report Inappropriate Content
Message 8 of 8

Re: Automatic Response for threat is not working

Jump to solution

ePO 5.10.0 and update 9

I now have alerts working for reporting updates so I think I've resolved this issue and I just need to tailor the reporting for the threat events. Thanks for your help.

Event description: The update was successful

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community