3 Replies Latest reply on May 21, 2015 11:02 AM by absoblogginlutely

    How do you create a server response to alert if a single machine gets more than 20 infection reports in 30 minutes?


      To get better notifications of outbreaks, I'd like a server response to send an email if an agent reports multiple infections, say 20 within a 30-minute period.

      I created a server response as follows, thinking this would work with additional throttling to prevent my email notifications going haywire.


      Screenshot - 5_14_2015 , 10_39_35 AM.png

      Unfortunately, what seems to have happened is that my entire system tree detects 20 events and then sends me an email for every single device, resulting in a *lot* of emails and subsequent helpdesk tickets. Oops.


      Any idea how to achieve my stated goal? What do I need to tweak?
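
The difference between the rule asked for and the behaviour described above, as an added example that is not part of the original post and is not product configuration: reports are counted per machine in a sliding 30-minute window, compared with one counter shared by the whole tree. The function names, the one-hour throttle and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 20                   # infection reports per machine (from the post)
WINDOW = timedelta(minutes=30)   # counting window (from the post)
THROTTLE = timedelta(hours=1)    # assumed: at most one alert per machine per hour


def per_host_alerts(events):
    """events: (timestamp, host) tuples sorted by time. Returns [(timestamp, host)]."""
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    last_alert = {}              # host -> time of its most recent alert
    alerts = []
    for ts, host in events:
        q = recent[host]
        q.append(ts)
        while ts - q[0] >= WINDOW:   # drop reports that fell out of the window
            q.popleft()
        throttled = host in last_alert and ts - last_alert[host] < THROTTLE
        if len(q) >= THRESHOLD and not throttled:
            alerts.append((ts, host))
            last_alert[host] = ts
    return alerts


def tree_wide_alerts(events):
    """Behaviour described in the post: one shared counter, then an alert per host."""
    events = list(events)
    recent = deque()
    for ts, _ in events:
        recent.append(ts)
        while ts - recent[0] >= WINDOW:
            recent.popleft()
        if len(recent) >= THRESHOLD:
            # Every host seen so far gets an email, however few reports it sent.
            return sorted({h for t, h in events if t <= ts})
    return []


def sample_events():
    """Constructed data: 25 machines with one report each, then one machine with 22."""
    t0 = datetime(2015, 5, 14, 10, 0)
    quiet = [(t0 + timedelta(seconds=30 * i), f"pc-{i:02d}") for i in range(25)]
    noisy = [(t0 + timedelta(hours=2, minutes=i), "pc-outbreak") for i in range(22)]
    return quiet + noisy
```

On the constructed data, the shared counter fires on 20 machines that each reported a single infection, while the per-machine rule stays silent until `pc-outbreak` sends its 20th report and then alerts once.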