Hi ePO novice,
Could you just clarify:
Do you want to receive the alert mail when threats are detected?
Do you want the output of the ODS scan results?
I think this could help you:
1) Kindly duplicate the query "VSE top 10 detected threats" and edit the duplicated query.
2) Increase the Maximum items from 10 to the highest value.
3) Click Next and Next, then add the threat events "Analyzer detection method" and select the Managed ODS task, for example "weekly scan servers". Also modify the event generated time as per your requirements.
4) Run and save the query.
5) Create a new server task and schedule it after the scan completes (but you need to be aware of when the scan will complete).
Note: I am not 100% sure this will work perfectly, because we need to fine-tune this to be successful.
Thanks for your reply. I was just after the output of the scan results to see what we were being hit by and what was being caught/deleted (workstations only).
What I've ended up doing is creating threat queries and basing them on Event IDs from the server.
So my first scan is based on Event ID 1202 (number of scans started).
- Event 1203, number of On Demand scans completed
- Event 1039, scan found and cleaned/deleted, etc. (I think for this I might just need to trawl through the event IDs and add in an entry for each ID that relates to an action that cleans or removes a threat.)
- Event 1035, scans that were cancelled.
I just set the generation time to the last 4 days, and on Monday morning I can get a decent understanding of what ran on the Friday scan.
Any other tips would be much appreciated.
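The per-event-ID queries described above give four separate counts; reconciling them per workstation shows which machines started the scan but never reported completion. This is an added example, not part of the original posts and not ePO's own tooling: the CSV column names, host names, threat name and dates are constructed assumptions, and only the event ID meanings come from the post.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Event ID meanings as stated in the post above.
EVENTS = {1202: "started", 1203: "completed",
          1035: "cancelled", 1039: "cleaned_or_deleted"}

# Constructed sample of exported threat events (column names are assumed).
SAMPLE_CSV = """host,event_id,generated,threat_name
WS-001,1202,2024-05-17 18:00:00,
WS-001,1039,2024-05-17 18:40:00,Constructed.Sample.A
WS-001,1203,2024-05-17 19:10:00,
WS-002,1202,2024-05-17 18:00:00,
WS-002,1035,2024-05-17 18:05:00,
WS-003,1202,2024-05-17 18:00:00,
WS-004,1202,2024-05-10 18:00:00,
"""
MONDAY = datetime(2024, 5, 20, 8, 0)  # constructed "Monday morning" review time

def summarize(csv_text, now, days=4):
    """Return {host: (scan_status, [threats cleaned/deleted])} for the window."""
    cutoff = now - timedelta(days=days)
    hosts = defaultdict(lambda: {"states": set(), "threats": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = EVENTS.get(int(row["event_id"]))
        when = datetime.strptime(row["generated"], "%Y-%m-%d %H:%M:%S")
        if kind is None or not (cutoff <= when <= now):
            continue  # unrelated event ID or outside the last-N-days window
        if kind == "cleaned_or_deleted":
            hosts[row["host"]]["threats"].append(row["threat_name"])
        else:
            hosts[row["host"]]["states"].add(kind)
    report = {}
    for host, info in hosts.items():
        states = info["states"]
        if "completed" in states:
            status = "completed"
        elif "cancelled" in states:
            status = "cancelled"
        elif "started" in states:
            status = "no completion event"  # started, never finished or reported
        else:
            status = "no start event"       # detections seen without a 1202
        report[host] = (status, sorted(info["threats"]))
    return report

if __name__ == "__main__":
    for host, (status, threats) in sorted(summarize(SAMPLE_CSV, MONDAY).items()):
        print(f"{host}: {status}; cleaned/deleted: {threats or 'none'}")
```
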