cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Yannick_Hache
Level 8
Report Inappropriate Content
Message 1 of 10
‎03-13-2019 12:50 PM

How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

Hello,

      The title says it all, i want to get notified when a system gets assigned the tag "Escalated" from the Protection Workspace. I've been trying to find a way but couldnt.

I can't see a "tag" filter in the automatic response.

If i make a report, it will send me an empty file every X min.

Is there a way to do what i'm trying to achieve ?

Thanks!

0 Kudos
Reply
1 Solution

Accepted Solutions
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 10
‎03-13-2019 02:00 PM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

That function currently does not exist, so you would need to submit an idea for that functionality.  It sounds like a great idea.

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
9 Replies
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 10
‎03-13-2019 01:39 PM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

When it sends you an empty report, are there actual systems that do have the tag applied?  How specifically is your report or query set up?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Yannick_Hache
Level 8
Report Inappropriate Content
Message 3 of 10
‎03-13-2019 01:41 PM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

So, the thing is, my report works fine if there is actual system with the tag. but i would like the report to be generate/sent "only" if there is ...  As if i do a check on the server every 10 min, i don't want 6 reports/h if none of the system we manage have the tag.

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 10
‎03-13-2019 01:43 PM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

That would be a new feature, as that is not possible.  There is no way to evaluate if a query returns empty results or not.  The task just runs the query and sends the results, whether it is null or not.

KB60021 tells how to submit an idea for feature requests.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Yannick_Hache
Level 8
Report Inappropriate Content
Message 5 of 10
‎03-13-2019 01:45 PM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

And what about when the server decides to apply the tag "escalated" on its own; can we attach an action to that task like advise the admin?

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 10
‎03-13-2019 02:00 PM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

That function currently does not exist, so you would need to submit an idea for that functionality.  It sounds like a great idea.

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
Yannick_Hache
Level 8
Report Inappropriate Content
Message 7 of 10
‎03-14-2019 05:08 AM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

I just did : https://community.mcafee.com/t5/Business-Ideas/Protection-Workspace-notification-for-escalated-devic...

Thank you

Reply
tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 10
‎03-14-2019 05:16 AM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

I've used the following method before - tagging a system w/infection triggered by eventID, moving that system to a quarantine folder and sending E-mail alert. All driven by auto response and server tasks.

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 10
‎03-14-2019 05:27 AM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

That may work for detections, but protection workspace can tag it escalated if out of compliance with dat versions, etc., so there isn't an event for that necessarily. 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
tao
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 10 of 10
‎03-14-2019 05:46 AM

Re: How to get notified when Protection Workspace assign the tag "Escalated"

Jump to solution

Well, build a query based off the tag (protection workspace can tag it) excluding the move location, create task to move it, disable sort & E-mail. 

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC