How about creating an ePO Automatic Response like this one:
Event group: ePO Notification Events
Event type: Threat

Filter:
    Defined at: system is in group or subgroup "/my organisation"
    Threat category: belongs to "Malware detected" or belongs to "Malware detected using heuristics"

Aggregation:
    Trigger a response for every event

Actions:
    Send email
        Recipients: enter the email address(es) of the recipients
        Subject:
            {threatName} detected on {analyzerHostName}
        Body:
            Virus detected on
            Computer: {analyzerHostName}
            IP: {listOfAnalyzerIPV4}
            Time: {detectedUTC}
            File Name: {targetFileName}
            Threat Name: {threatName}
            Action Taken: {threatActionTaken}
            Product: {analyzer}
            DATs: {analyzerDATVersion}
            Engine: {analyzerEngineVersion}
            Detection Method: {analyzerDetectionMethod}
            Source host name: {sourceHostName}
            Source IP: {sourceIPV4}
            Source process name: {sourceProcessName}
            Source user name: {sourceUserName}
-------
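To see what the rule above actually does before turning it on in a console, here is an added example (my own, not code from the original post and not ePO's own logic) that simulates it in Python: the filter (system in "/my organisation" or a subgroup, threat category in the two listed categories), the "every event" aggregation (one notification per matching event, no deduplication), and the rendering of the subject and body templates with the event's fields. The {placeholder} names are the ones from the post; the event keys systemGroup and threatCategory, the category strings, the group paths and all sample events are constructed assumptions, and a field the event does not carry is left visibly unresolved rather than crashing the response.

```python
"""Simulation of the ePO Automatic Response rule described above.
Added example, not the post's or ePO's own code. Event keys `systemGroup`
and `threatCategory`, category labels and sample events are constructed."""

ROOT_GROUP = "/my organisation"               # "Defined at" filter (assumed path)
MATCH_CATEGORIES = {                          # "Threat category belongs to ..." (assumed labels)
    "malware detected",
    "malware detected using heuristics",
}

SUBJECT = "{threatName} detected on {analyzerHostName}"
BODY = """Virus detected on
Computer: {analyzerHostName}
IP: {listOfAnalyzerIPV4}
Time: {detectedUTC}
File Name: {targetFileName}
Threat Name: {threatName}
Action Taken: {threatActionTaken}
Product: {analyzer}
DATs: {analyzerDATVersion}
Engine: {analyzerEngineVersion}
Detection Method: {analyzerDetectionMethod}
Source host name: {sourceHostName}
Source IP: {sourceIPV4}
Source process name: {sourceProcessName}
Source user name: {sourceUserName}"""


def in_group_or_subgroup(system_group: str, root: str = ROOT_GROUP) -> bool:
    """True when the system's group path is `root` or lies below it.
    Compared per path component and case-insensitively, so
    "/my organisation/servers" matches while "/my organisation2" does not."""
    sys_parts = [p.lower() for p in system_group.strip("/").split("/") if p]
    root_parts = [p.lower() for p in root.strip("/").split("/") if p]
    return sys_parts[: len(root_parts)] == root_parts


def matches_filter(event: dict) -> bool:
    """Both filter conditions of the rule must hold for the event to fire."""
    return (in_group_or_subgroup(event.get("systemGroup", ""))
            and event.get("threatCategory", "").lower() in MATCH_CATEGORIES)


class _LenientFields(dict):
    """Leaves a placeholder the event lacks visibly unresolved instead of raising."""
    def __missing__(self, key):
        return "<" + key + " not set>"


def render(template: str, event: dict) -> str:
    """Substitute {placeholders} from the event's fields."""
    return template.format_map(_LenientFields(event))


def respond(events):
    """Aggregation 'every event': one (subject, body) per matching event."""
    return [(render(SUBJECT, e), render(BODY, e)) for e in events if matches_filter(e)]


# Constructed sample events (not real ePO records).
SAMPLE_EVENTS = [
    {"systemGroup": "/my organisation/workstations", "threatCategory": "Malware detected",
     "threatName": "EICAR test file", "analyzerHostName": "WS-0042",
     "listOfAnalyzerIPV4": "10.0.5.42", "detectedUTC": "2024-01-01T10:00:00Z",
     "targetFileName": "C:\\temp\\eicar.com", "threatActionTaken": "Deleted",
     "analyzer": "example-av", "analyzerDATVersion": "1234.0", "analyzerEngineVersion": "6.0",
     "analyzerDetectionMethod": "On-Access Scan", "sourceHostName": "WS-0042",
     "sourceIPV4": "10.0.5.42", "sourceProcessName": "explorer.exe", "sourceUserName": "alice"},
    # matches via subgroup and heuristic category; several fields missing on purpose
    {"systemGroup": "/my organisation/servers/db", "threatCategory": "malware detected using heuristics",
     "threatName": "Generic.heuristic", "analyzerHostName": "DB-01",
     "listOfAnalyzerIPV4": "10.0.9.1", "detectedUTC": "2024-01-01T11:30:00Z",
     "targetFileName": "/tmp/x", "threatActionTaken": "Quarantined", "analyzer": "example-av"},
    # outside the root group: filtered out
    {"systemGroup": "/lab", "threatCategory": "Malware detected", "threatName": "Test", "analyzerHostName": "LAB-1"},
    # inside the group but a different category: filtered out
    {"systemGroup": "/my organisation", "threatCategory": "Access Protection", "threatName": "Rule hit", "analyzerHostName": "WS-7"},
]

if __name__ == "__main__":
    for subject, body in respond(SAMPLE_EVENTS):
        print("Subject:", subject)
        print(body)
        print("-------")
```

Running it prints two notifications out of the four constructed events; the second one shows how a field the event did not carry appears in the body, which is worth checking against your own event sources before relying on a template field in a ticketing rule.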