Individual Email Notification if any computer switches to Non-Compliant

Hi,

I am using McAfee ePolicy Orchestrator 5.3.3.

Is it possible to create an email notification if a server switches from compliant to non-compliant?

I need to create this email notification so that any time a server turns non-compliant, an email is sent to my IT helpdesk team, so my IT helpdesk can quickly look into that machine and take proper action.

1 Solution

Accepted Solutions
McAfee Employee cdinet
Message 2 of 4

Re: Individual Email Notification if any computer switches to Non-Compliant

There are no automatic responses for that, but you can create a compliance query for servers based on your criteria for compliance. That is a Boolean pie chart query. Then you would filter it to return only those that don't meet compliance criteria. Once you have the query, you can create a server task to run that query on the frequency you desire, and as a secondary action, email it to specified recipients.

Re: Individual Email Notification if any computer switches to Non-Compliant

cdinet, thank you for the info. I look forward to getting it into production.

Just one last question. Can I get that email in such a manner that there is a single email for a single server?

My final objective is to get that email transferred to my ServiceDesk tool, so it will automatically create a ticket. This way, if 1 email contains 1 server, then it will create 1 ticket for every server (which turned non-compliant).

McAfee Employee cdinet
Message 4 of 4

Re: Individual Email Notification if any computer switches to Non-Compliant

I honestly don't see a way to do that with this method. The problem is that the query, to show compliance, has to be a Boolean type. Different types of queries have different options available to them. You might want to look at a different option. There is an option for setting up an automatic response for threat events where the event ID would be equal to the update failed event ID. Perhaps that might be a better approach for you. You can look at the specific event IDs in your events to determine which one you want to use. You can also add to the filter for the response where tag = server to restrict it only to servers. If your ticketing server is tied into ePO, you can have the response create an issue. Otherwise, send email for every event with no aggregation.

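For the one-ticket-per-server goal raised in the thread, one option outside ePO is to post-process the compliance query's exported rows and build one message per server that has newly switched to non-compliant. The sketch below is an added example, not McAfee's code or part of the original replies; the CSV column names (`System Name`, `Compliant`), the addresses and the sample rows are constructed assumptions.

```python
import csv
import io
from email.message import EmailMessage

# Constructed sample export; column names are assumptions, not ePO's schema.
SAMPLE_EXPORT = """System Name,Compliant
SRV-APP01,Yes
SRV-DB02,No
SRV-WEB03,No
"""

def parse_export(text):
    """Return {system name: True if compliant} from a CSV export."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["System Name"].strip(): r["Compliant"].strip().lower() == "yes"
            for r in rows}

def newly_non_compliant(previous, current):
    """Servers non-compliant now that were compliant (or unseen) last run."""
    return sorted(name for name, ok in current.items()
                  if not ok and previous.get(name, True))

def build_tickets(previous, export_text, sender, helpdesk):
    """Build one EmailMessage per newly non-compliant server.

    Returns (messages, current_state); persist current_state between runs
    so a server that stays non-compliant does not reopen a ticket.
    """
    current = parse_export(export_text)
    messages = []
    for name in newly_non_compliant(previous, current):
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = helpdesk
        msg["Subject"] = f"[Non-Compliant] {name}"
        msg.set_content(f"{name} switched from compliant to non-compliant.")
        messages.append(msg)
    return messages, current

if __name__ == "__main__":
    # Previous run: SRV-WEB03 was already non-compliant, so only SRV-DB02 fires.
    last_run = {"SRV-APP01": True, "SRV-DB02": True, "SRV-WEB03": False}
    msgs, state = build_tickets(last_run, SAMPLE_EXPORT,
                                "epo-reports@example.com", "helpdesk@example.com")
    for m in msgs:
        print(m["Subject"])  # hand each message to smtplib.SMTP.send_message
```

Keeping the previous run's state is what turns a periodic "list of non-compliant servers" into a per-server transition alert, so the service desk gets one ticket when a server changes state rather than one per run.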
