Custom Email Alerts (Application Control)

This function may be buried somewhere in the manuals but I haven't been able to find it. I am looking to configure the email alerts that are received from the Enterprise Console.

I get a message from the SEC "One or more computers have exceeded the warning level for application control events." The email notification is great, but I would like to include in the body of the email what computer this is. I have multiple systems that show up under the Application Control filter and I would like to know at a glance what system it was. Are there any variables that can be included in the email notifications, or for that fact can it include a custom body?

Thanks,

Mike

  • Hello Mike,

    the function you are referring to is called Network Status Alerts in the Help and Configure Email Alerts in SEC. The actual trigger (level) is defined in Configure Dashboard. It might not be, in fact - it is not obvious that the Computers with events section also gives you the option to "condense" the received data and to (email) alert only when certain thresholds are exceeded. The confusing part is that the level applies to an individual endpoint and not the collection of events. For example - if (in Configure Dashboard) you set the level for Application control to 3 the Dashboard will display only the number of computers with more than 3 events (in the 7-day period). While for the Events section an individual computer triggers the email it is still considered a summary event and thus the message provides only a general alert. In short, SEC will not alert you on individual endpoints. Furthermore, you can't customize any email.

    To get information where an event has occurred (as well as some details) you'd have to set up email alerting in the client policies (SMTP is configured in the AV policy, untick the AV alerts if you are not interested in them, and enable email alerting in the Application Control policy). Note that it is the client which will send the email.  

    Christian     
  • Christian

    Thanks, that helps out. I have the specific alerts set for my boss, but I receive every alert and was looking to see if I could get a little more specific in what was being sent to me.

    Appreciate the help, that answers my questions.