0 Replies Latest reply on Aug 1, 2011 5:34 AM by ldelrio

    Aggregated events email per machine name

      Hello,

       

      I feel a little bit confused about event aggregation in automatic responses.

      After upgrading from epo4.0 to epo4.5 all my autoresponses were wiped out, so I had to recreate them. And now I feel confused about some aspects.

       

      My target is to get alerts like this:

      - A virus alert is received on the server from a single PC. That alert triggers an autoresponse which sends an email.

      - New virus alert events are received from the same machine, but I want to hold them on the server for an hour. Once that hour has passed, send them all in an email.

       

      I have this configured:

      aggreg1.png

       

      But I get all virus events from all machines aggregated. I would like to receive an aggregated email for each machine.

       

       

      I tried this:

      aggreg2.png

      But the emails are sent separately (5 virus events trigger 4 emails). I would like to receive only one email collecting all the data (in the email notification I have configured {setOfHostname}, {setOfProcessname} and so on, to get the list of machines, processes, objects, etc.).

       

      Could you help me to fine-tune these alerts? I can't find much documentation or many examples about this.

       

      Thank you!

      Luis.