0 Replies Latest reply on Aug 1, 2011 5:34 AM by ldelrio

    Aggregated events email per machine name



      I feel a little bit confused about event aggregation in automatic responses.

      After upgrading form epo4.0 to epo4.5 all my autorresponses were wipped out, so I had to recreate them. And now I feel confused about some aspects.


      My target, get alerts like this:

      - Virus alert is received in the server from a single PC. That alert triggers an autorresponse wich sends an email.

      - New virus alert events received from the same machine but I want to hold them in the server for an hour. Once that hour has passed, send them all in an email.


      I have this configured:



      But I get all virus events from all machines aggregated. I would like to receive an aggregated email for each machine



      I tried this:


      But the emails are sent separatedly (5 virus events triggers 4 emails). I would like to receive only one email collecting all the data (in email notification I have configured the {setOfHostname}, {setOfProcessname} and so, to get the list of machines, processes, objects, etc)


      Could you help me to fine tune these alerts? I find not very much documentation and examples about this.


      Thank you!