Too Many DLPAlert Emails

We are using Sophos Enterprise Console 5.1.0.1839 and we keep receiving DLPAlert emails with the following subject lines:

1. The number of out-of-date computers has exceeded the critical level.

2. The number of computers with errors has exceeded the critical level.

3. The number of computers that differ from group policies has exceeded the critical level.

These emails do us no good. We only have about 40 computers in our organization and it only takes a couple of computers to set off these alerts. We have looked for ways to adjust the configurations of these alerts to be more useful, but have found none.

Any ideas?

  • Hello TEWhite,

    as you've seen you can adjust a few things (levels, number of events, time since last update - applies to SUM) but that's probably not what you are looking for.

    Frankly, creating sophisticated rules for 40-odd computers is overkill. Admittedly the Protection alert (connected out-of-date) is sometimes trigger-happy, doesn't take the updating interval from the policy into account and in addition RMS doesn't always correctly disconnect a client. To make a better decision SEC would have to keep a history of Message Times, perhaps correlating them with updating errors - but even then it'd be likely far from perfect.

    I'd suggest you just don't request an email for out-of-date conditions. Apart from that it is possible to ignore/suppress specific error codes - which ones are you interested in and which ones would you rather not want to see?

    Christian
