Table of Contents
Advertisement
18
Responding to events in your network
About using Automatic Responses
About using Automatic Responses
The complete set of event types for which you can configure an automatic response depends on the
software products you are managing with your ePolicy Orchestratorserver.
By default, your response can include these actions:
•
Create issues
•
Execute server tasks
•
Run external commands
•
Run system commands
•
Send email messages
•
Send SNMP traps
The ability to specify the event categories that generate a notification message and the frequencies
with which such messages are sent are highly configurable.
This feature is designed to create user-configured notifications and actions when the conditions of a
rule are met. These include, but are not limited to:
•
Detection of threats by your anti-virus software product. Although many anti-virus software
products are supported, events from VirusScan Enterprise include the IP address of the source
attacker so that you can isolate the system infecting the rest of your environment.
•
Outbreak situations. For example, 1000 virus-detected events are received within five minutes.
•
High-level compliance of ePolicy Orchestrator server events. For example, a repository update or a
replication task failed.
•
Detection of new rogue systems.
Automatic Responses and how it works
Before you plan the implementation of Automatic Responses, you should understand how this feature
works with ePolicy Orchestrator and the System Tree.
This feature does not follow the inheritance model used when enforcing
policies.
Automatic Responses use events that occur on systems in your environment that are delivered to the
server and configured response rules associated with the group that contains the affected systems and
each parent above it. If the conditions of any such rule are met, designated actions are taken, per the
rule's configurations.
®
212
McAfee
ePolicy Orchestrator
®
4.6.0 Software Product Guide
Advertisement
Chapters
Table of Contents
