9 Replies Latest reply on Oct 1, 2014 8:13 AM by fitchsoccer342

    Tagging rogue systems

    oldskoolskater

      Hi All

       

      Running EPO 4.6.8 (Build 112) and have a large number (500+) of systems listed as rogue.

      There's a mix of servers/linux/printers/switches in the list and I'd like to get the rogue systems sorted out quickly and efficiently into the system tree if possible using tags.

      I've managed to create a tag for the linux O/S but am unsure how I apply this tag to the rogue systems list so that all linux systems are tagged ready for moving into the system tree (presumably a manual process?)

       

      I'm new to EPO and wondering if this is the best way to go about getting the rogues covered or excluded by AV.

       

      Any tips or ideas would be greatly appreciated!

       

      Cheers

       

      Oldskoolskater

        • 1. Re: Tagging rogue systems
          fitchsoccer342

          One way of doing it could be by going to Menu > Automation > Automatic Responses.

           

          From there create a response for RSD detected systems, filter for whatever OS you want, and then move them to whatever location you want in your system tree.

          • 2. Re: Tagging rogue systems
            oldskoolskater

            Thanks, I'll give it a go!

            • 3. Re: Tagging rogue systems
              oldskoolskater

              One question though - I've created the auto response but how do I trigger it?

              I guess I could delete all the rogue systems and allow them to be re-added automatically, but there must be an easier way than that?

               

              cheers

              • 4. Re: Re: Tagging rogue systems
                fitchsoccer342

                oldskoolskater wrote:

                 

                One question though - I've created the auto response but how do I trigger it?

                I guess I could delete all the rogue systems and allow them to be re-added automatically, but there must be an easier way than that?

                 

                cheers

                While you're building your automatic response there is an Aggregation portion, which specifies when you want the response to be triggered. If you have it set to "trigger this response for every event", as long as you have the automatic response set up correctly, it should start moving any new RSD detections for whatever filter you have into your system tree.

                • 6. Re: Re: Tagging rogue systems
                  oldskoolskater

                  By new RSD detections I presume you mean newly discovered systems added to rogue systems, thus generating the event trigger to move to the system tree.

                  What about the existing systems in rogue - do they remain untouched as they will not generate an event trigger, thus will not be moved to the system tree?

                   

                  I do have the response set as you suggest for "trigger this response for every event"

                  • 7. Re: Tagging rogue systems
                    fitchsoccer342

                    Yeah, I don't think existing systems in the RSD console will be moved, only new machines creating the trigger. You could delete all the old detections and then let it filter in new detections over time.

                     

                    Have you seen anything moved into your system tree yet? Once the machines are moved to whatever location in your system tree you can have a client task to push the agent to it, or any other modules.

                    • 8. Re: Tagging rogue systems
                      oldskoolskater

                      I'm getting there!

                      Right then, I created the auto responses and nothing happened - even though I deleted all the rogue systems and let them be re-discovered.

                      Got it working by deleting the RSD as per Technical Article ID: KB75700 and systems started coming through into the system tree at last.


                      In the rogue systems I've got the usual mix of PCs, printers, switches, etc, etc so I've created auto responses to move all the items into relevant folders in the system tree which deploy the agent as necessary on a per folder basis. I didn't add anything to exceptions, rather just move them to a relevant folder that doesn't apply the agent, so in this way I can get a good understanding of what is detected and what's not.


                      Should I be using exceptions rather than doing the above for non-av systems? Any opinions would be welcomed

                      • 9. Re: Tagging rogue systems
                        fitchsoccer342

                        Yeah I've got it set up so it auto moves printers/switches/routers/etc. into an exception group within RSD instead of the system tree. But I've seen it done different ways, so it's up to you and your organization really, on how you want to handle the RSD.