McAfee 6.1 Marine Radio User Manual


 
McAfee® Host Intrusion Prevention 6.1 Product Guide
Maintenance
Setting up notifications for events
The Notifications feature can alert you to any events that occur on Host Intrusion
Prevention clients or the server itself. You can configure rules to send e-mail, SMS, text
pager messages, or SNMP traps, or run external commands when specific events are
received and processed by the ePolicy Orchestrator server. You can specify the event
categories that generate a notification message and the frequency at which notifications are
sent. For complete details, see the ePolicy Orchestrator online help or product guide.
How notifications work
In the Host Intrusion Prevention environment, when events occur they are delivered to
the ePolicy Orchestrator server. Notification rules are associated with the group or site
that contains the affected systems, and are applied to the events. If the conditions of
a rule are met, a notification message is sent, or an external command is run, as
specified by the rule.
You can configure independent rules at different levels of the Directory. You can also
configure when notification messages are sent by setting thresholds that are based on
aggregation and throttling.
ePolicy Orchestrator provides default rules that you can enable for immediate use.
Before enabling any of the default rules:
1 Specify the e-mail server from which the notification messages are sent.
2 Check that the recipient e-mail address is the one you want to receive e-mail
messages.
Creating rules
You can create rules for a variety of event categories. These include:
Access Protection rule violation detected and blocked
Access Protection rule violation detected and NOT blocked
Computer placed in quarantine mode
E-mail content filtered or blocked
Intrusion detected
Non-compliant computer detected
Normal operation
Policy enforcement failed
Repository update or replication failed
Software deployment failed
Software deployment succeeded
Software failure or error
Unknown category
Update/upgrade failed
Update/upgrade succeeded
All rules are created in the same basic manner by:
1 Describing the rule.
2 Setting filters for the rule.
3 Setting thresholds for the rule.
4 Creating the message to be sent and the type of delivery.
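The following sketch is an added illustration, not ePolicy Orchestrator code or part of the product guide. It models how a rule's filters and thresholds, as described under "How notifications work" and "Creating rules", decide whether a stream of events produces a notification. It assumes that aggregation means "N matching events inside a time window" and that throttling means "at most one notification per interval"; the Rule class, its field names, the Directory paths and the sample events are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    description: str   # step 1: describe the rule
    group: str         # Directory group or site the rule is attached to
    categories: set    # step 2: filter on event category
    min_events: int    # step 3: aggregation, matches needed inside the window
    window_s: int      #         aggregation window in seconds
    throttle_s: int    #         throttling, minimum gap between notifications
    _hits: list = field(default_factory=list)
    _last_sent: float = None

    def process(self, event):
        """Return the message (step 4) if this event triggers one, else None."""
        ts, path, category = event
        # The rule applies only to systems in its group or below it.
        if not (path == self.group or path.startswith(self.group + "/")):
            return None
        if category not in self.categories:
            return None
        # Aggregation: keep matching events that are still inside the window.
        self._hits = [t for t in self._hits if ts - t < self.window_s] + [ts]
        if len(self._hits) < self.min_events:
            return None
        # Throttling: suppress if a notification went out too recently.
        if self._last_sent is not None and ts - self._last_sent < self.throttle_s:
            return None
        self._last_sent = ts
        count, self._hits = len(self._hits), []
        return f"{self.description}: {count} events under {self.group}"

def run(rule, events):
    """Feed events to the rule; return (timestamp, message) per notification."""
    return [(e[0], msg) for e in events if (msg := rule.process(e))]

# Constructed sample events: (seconds, Directory path of the system, category)
HQ, I = "Directory/HQ/Servers", "Intrusion detected"
EVENTS = [
    (0, HQ, I), (10, HQ, "Normal operation"), (20, HQ, I),
    (30, "Directory/Branch", I),               # outside the rule's group
    (40, "Directory/HQ/Laptops", I),           # third match: notify
    (50, HQ, I), (60, HQ, I), (70, HQ, I),     # threshold met again, throttled
    (400, HQ, I), (410, HQ, I), (420, HQ, I),  # throttle expired: notify
]

if __name__ == "__main__":
    rule = Rule("HQ intrusions", "Directory/HQ", {I}, 3, 60, 300)
    print(run(rule, EVENTS))
```

With these sample values, the burst at 50 to 70 seconds meets the aggregation threshold but is suppressed by throttling. A throttle interval set too long can therefore hide a second, distinct incident.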