Planning; Determining How Events Are Forwarded - McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC Product Manual

Product guide

Hide thumbs

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

page of 328

/ 328
Contents
Table of Contents
Bookmarks

Table of Contents

Responding to events in your network

Planning

Default notification rules

Rule Name

Distributed repository

update or replication

failed

Malware detected

Master repository

update or replication

failed

Non-compliant

computer detected

RSD: Query New

Rogue Detection

Planning

Before creating rules that send notifications, save time by planning:

•

The event type and group (product and server) that trigger notification messages in your

environment.

•

Who should receive which notification messages. For example, it might not be necessary to notify

the administrator of group B about a failed replication in group A, but you might want all

administrators to know that an infected file was discovered in group A.

•

Which types and levels of thresholds you want to set for each rule. For example, you might not

want to receive an email message every time an infected file is detected during an outbreak.

Instead, you can choose to have such a message sent at most once every five minutes, regardless

of how often that server is receiving the event.

•

Which commands or registered executables you want to run when the conditions of a rule are met.

•

Which server task you want to run when the conditions of a rule are met.

Determining how events are forwarded

Use these tasks to determine when events are forwarded and which events are forwarded immediately.

The server receives event notifications from McAfee Agents. You can configure agent policies to

forward events either immediately to the server or only at agent-to-server communication intervals.

214

McAfee

ePolicy Orchestrator

Associated Events

Configurations

Distributed repository

Sends a notification message when any update or

update or replication

replication fails.

failed

Any events from any

Sends a notification message:

unknown products

• When the number of events is at least 1,000

• At most, once every two hours.

• With the source system IP address, actual threat

• When the number of selected distinct value is 500.

Master repository

Sends a notification message when any update or

update or replication

replication fails.

failed

Non-Compliant Computer

Sends a notification message when any events are

Detected events

received from the Generate Compliance Event server

task.

New rogue system

Queries the newly detected system for a McAfee

detected

Agent.

4.6.0 Software Product Guide

within an hour.

names, and actual product information, if

available, and many other parameters.

Table of Contents

Chapters

Table of Contents

This manual is also suitable for:

Epolicy orchestrator 4.6.0

Planning; Determining How Events Are Forwarded - McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC Product Manual

Planning

Determining how events are forwarded

Chapters

Related Manuals for McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC

Related Content for McAfee EPOCDE-AA-BA - ePolicy Orchestrator - PC

This manual is also suitable for:

Table of Contents