I want to create an AR that, when we encounter 20 threats on a single computer, will do a scan of the machine and alert by email.
Any comments and guidance?
One approach to your problem:
- Create a new automatic response
- Event group: ePO notification
- Event type: threat
Filter: Here you would likely take something like:
Threat Category = Malware or something, or
Threat type = Trojan or something, or
Threat Handled = True
Whatever you think should trigger the event.
For Aggregation you could choose:
Trigger this response if multiple events occur within, let's say, 30 minutes
When the number of events is at least: 20 (as you stated above)
Group aggregated events by: AgentGUID
On Actions you just configure your mail sending containing the details you would like to know and a "Run system command" -> Run client task -> On-demand scan for VSE, which you have to create beforehand in ePO.
This should do the trick for you.
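
The aggregation rule described in the answer above (at least 20 matching threat events from one AgentGUID within 30 minutes), modelled as an added example that is not part of the original post and not ePO's own code. The event field names, the sliding-window reading of the rule and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # "within 30 minutes" from the answer
THRESHOLD = 20                   # "at least: 20" from the answer


def matches_filter(event):
    # Stand-in for the response filter; field name and value are assumptions.
    return event.get("threat_category") == "Malware"


def find_triggers(events):
    """Return (agent_guid, time) for each point where the response would fire.

    Sliding-window model: fire when THRESHOLD matching events from one
    AgentGUID fall inside WINDOW, then start counting afresh for that agent.
    """
    recent = defaultdict(deque)   # agent_guid -> timestamps still in the window
    triggers = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if not matches_filter(ev):
            continue
        q = recent[ev["agent_guid"]]
        q.append(ev["time"])
        while ev["time"] - q[0] > WINDOW:   # drop events older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            triggers.append((ev["agent_guid"], ev["time"]))
            q.clear()                       # avoid re-firing on every later event
    return triggers


def sample_events():
    # Constructed sample data, not real ePO events.
    t0 = datetime(2019, 1, 1, 9, 0)
    noisy = [{"agent_guid": "GUID-A", "threat_category": "Malware",
              "time": t0 + timedelta(minutes=i)} for i in range(20)]
    slow = [{"agent_guid": "GUID-B", "threat_category": "Malware",
             "time": t0 + timedelta(minutes=5 * i)} for i in range(20)]
    other = [{"agent_guid": "GUID-C", "threat_category": "PUP",
              "time": t0 + timedelta(seconds=i)} for i in range(25)]
    return noisy + slow + other


if __name__ == "__main__":
    for guid, when in find_triggers(sample_events()):
        print(f"{when:%H:%M} {guid}: send email and run on-demand scan task")
```

Only GUID-A fires: GUID-B produces 20 events too, but never more than 7 inside any 30-minute window, and GUID-C's events do not pass the filter.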