
Email notifications

In ePO I get all the info I need, but for some reason the email doesn't report the IP address. Any ideas?

ePolicy Orchestrator Notification
Rule: Virus detected and removed
Rule Defined At: Directory
Description: Notifications sends an e-mail message when "Virus Detected and Removed" events are received.

Number of events: 1
Source computer IP addresses: Not Available
Actual threat names: EICAR test file
Actual products: VirusScan

For additional information, see the Notification Log in the ePolicy Orchestrator console.
twenden

RE: Email notifications

I believe that I had the same issue as you.

The way that I fixed it was to use the following parameter, {AffectedComputerIPs}, which will display the IP number.

In our subject line for email alerts I enter the following:


Virus Detected: {ReceivedThreatNames} {AffectedComputerNames} {AffectedComputerIPs} :{EventDescriptions}

RE: Email notifications

That worked, thank you!
tonyb99

RE: Email notifications

As you have found, source computer is the source computer/website of the infection affecting that computer (affected computer). In ePO 4.0, data source is usually blank.

RE: Email notifications

Aaaaaaaah I get it, ta grin
SergeM

RE: Email notifications

First, thanks to Matthaus for starting this thread; it got me looking into those mail notifications. I'd disabled (most of) them because we were getting loads of messages here and at first I just didn't have any time to look into this.



I'm presently playing/trying different mail notifications... The problem is that I sometimes get tons of messages or a message with a lot of System names & IP... it becomes difficult to filter the emergency...

Does anyone have some experience to share?