Table of Contents
Advertisement
18
Responding to events in your network
Configuring Automatic Responses
Task
1
Click Menu | Configuration | Registered Servers.
2
From the list of registered servers, select the desired SNMP server, then click Actions | Delete.
3
When prompted, click Yes.
The SNMP server is removed from the Registered Servers list.
Importing .MIB files
Use this task when setting up rules to send notification messages to an SNMP server via an SNMP trap.
You must import three .mib files from \Program Files\McAfee\ePolicy Orchestrator\MIB. The files
must be imported in the following order:
1
NAI-MIB.mib
2
TVD-MIB.mib
3
EPO-MIB.mib
These files allow your network management program to decode the data in the SNMP traps into
meaningful text. The EPO-MIB.mib file depends on the other two files to define the following traps:
•
epoThreatEvent — This trap is sent when an Automatic Response for an McAfee ePO Threat Event
is triggered. It contains variables that match properties of the Threat event.
•
epoStatusEvent — This trap is sent when an Automatic Response for an McAfee ePO Status Event
is triggered. It contains variables that match the properties of a (Server) Status event.
•
epoClientStatusEvent — This trap is sent when an Automatic Response for an McAfee ePO Client
Status Event is triggered. It contains variables that match the properties of the Client Status event.
•
rsdAddDetectedSystemEvent — This trap is sent when an Automatic Response for a Rogue
System Detected event is triggered. It contains variables that match the properties of the Rogue
System Detected event.
•
epoTestEvent — This is a test trap that is sent when you click Send Test Trap in the New SNMP
Server or Edit SNMP Server pages.
For instructions on importing and implementing .mib files, see the product documentation for your
network management program.
Working with registered executables and external commands
Use these tasks when working with registered executables and external commands. You can configure
automatic response rules to run an external command when the rule is initiated.
Tasks
•
Adding registered executables on page 221
Use this task to add registered executables to your available resources. You can run
external command action by providing the registered executables and their arguments.
•
Editing registered executables on page 221
Use this task to edit an existing registered executable entry.
•
Deleting registered executables on page 221
Use this task to delete a registered executable entry.
•
Duplicating registered executables on page 221
Use this task to duplicate a registered executables to your available resources.
®
220
McAfee
ePolicy Orchestrator
®
4.6.0 Software Product Guide
Advertisement
Chapters
Table of Contents
