1 Reply Latest reply: Jul 9, 2014 3:53 PM by Scott Sadlocha

    Report

    dpkrijgsman

      Hi,

      I am trying to make a report with automatic response:

      The automatic response works fine because I have it working for others.

      Anyway, I am trying to create a report that has an automatic response because of the following:

      - a computer has more than 10 malware events within 1 hour -> send report

      - or more than 10 computers are infected in 1 hour -> send report

      As a report filter I have:

      1. Event category belongs to malware detected

      Aggregation:

      trigger response 1 hour

      detected distinct values 10

      or 25 number events

      every 15 min throttling

      Any help?

        • 1. Re: Report
          Scott Sadlocha

          Bumping this post, because I would like to see the same thing as well. In the past I used Symantec, and it was very easy to set up alerts such as this. I would like to set this up in McAfee, where I could receive a notification if 1 system had 10 threat alerts in an hour, or if 10 systems have the same threat within 1 hour.
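
The two conditions asked about in this thread (one computer with more than 10 malware events in an hour, or more than 10 distinct computers with a detection in an hour, throttled to one report per 15 minutes), worked through as product-independent detection logic. This is an added example, not part of the original posts and not McAfee configuration; the `(timestamp, host)` event format, the function names and the host names are assumptions, and the sample events are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)        # aggregation window from the post
THROTTLE = timedelta(minutes=15)   # at most one report per rule per 15 min
THRESHOLD = 10                     # "more than 10"

def evaluate(events):
    """events: (timestamp, host) tuples sorted by time.
    Returns the reports that would be sent as (timestamp, rule, detail)."""
    window = deque()   # events inside the last hour, oldest first
    per_host = {}      # host -> number of events currently in the window
    last_sent = {}     # throttle key -> time of the last report
    reports = []
    for ts, host in events:
        window.append((ts, host))
        per_host[host] = per_host.get(host, 0) + 1
        # Expire events that are one hour old or older.
        while ts - window[0][0] >= WINDOW:
            _, old = window.popleft()
            per_host[old] -= 1
            if per_host[old] == 0:
                del per_host[old]
        fired = []
        if per_host[host] > THRESHOLD:      # one noisy computer
            fired.append((("host_burst", host), "host_burst", host))
        if len(per_host) > THRESHOLD:       # many distinct computers
            fired.append(("outbreak", "outbreak", f"{len(per_host)} hosts"))
        for key, rule, detail in fired:
            # Throttle: suppress repeats of the same rule for 15 minutes.
            if key not in last_sent or ts - last_sent[key] >= THROTTLE:
                last_sent[key] = ts
                reports.append((ts, rule, detail))
    return reports

def sample_events():
    """Constructed sample data: one noisy host, then a spread across 11 hosts."""
    t0 = datetime(2014, 7, 9, 12, 0)
    burst = [(t0 + timedelta(minutes=4 * i), "PC-01") for i in range(12)]
    spread = [(t0 + timedelta(minutes=180 + i), f"PC-{i + 10}") for i in range(11)]
    return sorted(burst + spread)

if __name__ == "__main__":
    for ts, rule, detail in evaluate(sample_events()):
        print(ts.isoformat(), rule, detail)
```

Counting distinct hosts and counting events per host are separate aggregations over the same window, which is why each needs its own threshold and its own throttle key.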