McAfee® Host Intrusion Prevention 6.1 Product Guide | Maintenance | Setting up notifications for events
Setting up notifications for events
The Notifications feature can alert you to any events that occur on Host Intrusion Prevention clients or the server itself. You can configure rules to send
How notifications work
In the Host Intrusion Prevention environment, when events occur they are delivered to the ePolicy Orchestrator server. Notification rules are associated with the group or site that contains the affected systems, and are applied to the events. If the conditions of a rule are met, a notification message is sent, or an external command is run, as specified by the rule.
You can configure independent rules at different levels of the Directory. You can also configure when notification messages are sent by setting thresholds that are based on aggregation and throttling.
ePolicy Orchestrator provides default rules that you can enable for immediate use. Before enabling any of the default rules:
1. Specify the
2. Check that the recipient
Creating rules
You can create rules for a variety of event categories. These include:
Access Protection rule violation detected and blocked
Access Protection rule violation detected and NOT blocked
Computer placed in quarantine mode
Intrusion detected
Normal operation
Policy enforcement failed
Repository update or replication failed
Software deployment failed
Software deployment succeeded
Software failure or error
Unknown category
Update/upgrade failed
Update/upgrade succeeded
All rules are created in the same basic manner by:
1. Describing the rule.
2. Setting filters for the rule.
3. Setting thresholds for the rule.
4. Creating the message to be sent and the type of delivery.
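The following model of the four rule-creation steps, and of the aggregation and throttling thresholds described under "How notifications work", is an added example and not McAfee or ePolicy Orchestrator code. The `Rule` class, its field names, the sample events, and the threshold semantics (N matching events within a time window, at most one message per throttle interval) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    description: str    # step 1: describe the rule
    categories: set     # step 2: filter on event category
    min_events: int     # step 3: aggregation, matching events needed ...
    window: int         # ... within this many seconds (assumed semantics)
    throttle: int       # step 3: throttling, minimum seconds between messages
    message: str        # step 4: message template to deliver
    _seen: list = field(default_factory=list)
    _last_sent: Optional[int] = None

    def handle(self, ts, category, system):
        """Return the notification text for this event, or None."""
        if category not in self.categories:
            return None                      # filtered out
        # Keep only matching events that are still inside the window.
        self._seen = [t for t in self._seen if ts - t < self.window] + [ts]
        if len(self._seen) < self.min_events:
            return None                      # aggregation threshold not met
        count, self._seen = len(self._seen), []   # threshold met: reset counter
        if self._last_sent is not None and ts - self._last_sent < self.throttle:
            return None                      # suppressed by throttling
        self._last_sent = ts
        return self.message.format(rule=self.description, count=count, system=system)

# Constructed sample events: (seconds, event category, system name)
EVENTS = [
    (0, "Intrusion detected", "host-a"), (10, "Normal operation", "host-a"),
    (20, "Intrusion detected", "host-b"), (30, "Intrusion detected", "host-a"),
    (40, "Intrusion detected", "host-a"), (50, "Intrusion detected", "host-b"),
    (60, "Intrusion detected", "host-a"), (400, "Intrusion detected", "host-b"),
    (410, "Intrusion detected", "host-b"), (420, "Intrusion detected", "host-b"),
]

def demo():
    """Run the constructed events through one rule; return (time, text) pairs."""
    rule = Rule("Intrusion burst", {"Intrusion detected"}, 3, 60, 300,
                "{rule}: {count} events, latest on {system}")
    sent = []
    for ts, category, system in EVENTS:
        text = rule.handle(ts, category, system)
        if text:
            sent.append((ts, text))
    return sent

if __name__ == "__main__":
    for ts, text in demo():
        print(ts, text)
```

Nine matching events produce two messages: the burst ending at 60 seconds meets the aggregation threshold but falls inside the throttle interval, so it is suppressed.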