Determining How Events Are Forwarded; Determining Which Events Are Forwarded Immediately - McAfee EPOLICY ORCHESTRATOR 4.0.2 Product Manual

Sending Notifications

Determining how events are forwarded

• The types of events (product and server) that trigger notification messages in your
environment.
• Who should receive which notification messages. For example, it may not be necessary to
notify the administrator of group B about a failed replication in group A, but you may want
all administrators to know that an infected file was discovered in group A.
• Which types and levels of thresholds you want to set for each rule. For example, you may
not want to receive an email message every time an infected file is detected during an
outbreak. Instead, you can choose to have such a message sent — at most — once every
five minutes, regardless of how often that server is receiving the event.
• Which commands or registered executables you want to run when the conditions of a rule
are met.
Determining how events are forwarded
Use these tasks to determine when events are forwarded and which events are forwarded
immediately.
The server receives notifications from the agents. You must configure its policies to forward
events either immediately to the server or only at agent-to-server communication intervals.
If you choose to send events immediately (as set by default), the agent forwards all events as
soon as they are received. If you want all events sent to the server immediately so that they
can be processed by Notifications when the events occur, configure the agent to send them
immediately.
If you choose not to have all events sent immediately, the agent forwards only events
immediately that are designated by the issuing product as high priority. Other events are sent
only at the agent-server communication.
Tasks

Determining which events are forwarded immediately

Determining which events are forwarded
Determining which events are forwarded immediately
Use this task to determine whether events are forwarded immediately or only at the
agent-to-server communication interval.
If the currently applied policy is not set for immediate uploading of events, either edit the
currently applied policy or create a new McAfee Agent policy. This setting is configured on the
Events tab.
Task
For option definitions click ? on the page displaying the options.
1 Open the desired agent policy, then click Events.
2 Select Enable priority event forwarding.
3 Select the event severity. Events of the selected severity (and greater) are forwarded
immediately to the server.
4 To regulate traffic, type an Interval between uploads (in minutes).
156 McAfee ePolicy Orchestrator 4.0.2 Product Guide