5 Set the priority of the rule to High, Medium, or Low.
NOTE:
The priority of the rule is used to set a flag on an email message in the recipient’s
Inbox. For example, selecting High places a red exclamation mark next to the notification
email message, and selecting Low places a blue, down-facing arrow next to the notification
email message. The priority does not affect the rule or event processing in any way.
6 Select whether the rule is Enabled or Disabled next to Status.
7 Click Next.
Setting filters for the rule
Use this task to set the filters for the notification rule on the Filters page of the Notification
Rule Builder wizard.
Task
For option definitions click ? on the page displaying the options.
1 Select the types of Operating systems from which events can trigger the rule.
2 Select the Products whose events initiate this rule.
3 Select Categories of events that initiate this rule.
NOTE:
Both the Products and Categories selections must be true to trigger the rule and
send a notification message. For example, if you select VirusScan and Virus detected
but NOT cleaned, the rule does not send a message for a Symantec Anti-Virus Virus
detected but NOT cleaned event. If only the event category is important, then select
Any product.
4 In Threat name, define the pattern-matching comparison to use:
a Select an operator from the drop-down list.
b Type any text for the operator to act on.
For example, use the name of a virus. Select Contains as the operator, then type
nimda in the text box. This ensures that events are scanned for any line of text that
contains nimda.
NOTE:
If you select to filter on a threat name, the Products, Categories, and the
Threat name selections must all be true for the rule to send a notification message.
5 Click Next.
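The matching logic described in the notes above, modelled as an added Python example (not code from the product guide or from ePolicy Orchestrator). The field names, the operating system value, the sample events and case-insensitive matching are assumptions; only the Contains operator is modelled because it is the only one this page names.

```python
from dataclasses import dataclass
from typing import Optional

ANY_PRODUCT = "Any product"
NOT_CLEANED = "Virus detected but NOT cleaned"

@dataclass
class NotificationFilter:
    operating_systems: set
    products: set
    categories: set
    threat_operator: Optional[str] = None  # only "Contains" is named on the page
    threat_text: str = ""

    def matches(self, event: dict) -> bool:
        """True only when every configured selection is true for the event."""
        if event["os"] not in self.operating_systems:
            return False
        if ANY_PRODUCT not in self.products and event["product"] not in self.products:
            return False
        if event["category"] not in self.categories:
            return False
        if self.threat_operator is None:  # no threat-name filter configured
            return True
        if self.threat_operator == "Contains":
            # Assumption: comparison is case-insensitive.
            return self.threat_text.lower() in event.get("threat_name", "").lower()
        raise ValueError(f"operator not modelled: {self.threat_operator}")

def matching_ids(rule: NotificationFilter, events: list) -> list:
    """IDs of the events that would send a notification under this rule."""
    return [e["id"] for e in events if rule.matches(e)]

# Constructed sample events (values are illustrative, not real ePO output).
EVENTS = [
    {"id": 1, "os": "Workstation", "product": "VirusScan",
     "category": NOT_CLEANED, "threat_name": "W32/Nimda.sample"},
    {"id": 2, "os": "Workstation", "product": "Symantec Anti-Virus",
     "category": NOT_CLEANED, "threat_name": "W32.Nimda.sample"},
    {"id": 3, "os": "Workstation", "product": "VirusScan",
     "category": NOT_CLEANED, "threat_name": "Generic.sample"},
]

if __name__ == "__main__":
    os_sel = {"Workstation"}
    print(matching_ids(NotificationFilter(os_sel, {"VirusScan"}, {NOT_CLEANED}), EVENTS))
    print(matching_ids(NotificationFilter(os_sel, {ANY_PRODUCT}, {NOT_CLEANED}), EVENTS))
    print(matching_ids(NotificationFilter(os_sel, {"VirusScan"}, {NOT_CLEANED},
                                          "Contains", "nimda"), EVENTS))
```

Running candidate filter selections against a set of representative events like this shows which detections a rule would leave without a notification, such as the Symantec Anti-Virus event when only VirusScan is selected.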
Setting thresholds of the rule
Use this task to define when the rule triggers on the Thresholds page of the
Notification Rule Builder wizard.
A rule’s thresholds are a combination of aggregation and throttling.
Task
For option definitions click ? on the page displaying the options.
1 Next to Aggregation, select whether to Send a notification for every event, or to
Send a notification if multiple events occur within a defined amount of time. If you
select the latter, define this amount of time in minutes, hours, or days.
Sending Notifications
Creating and editing Notification rules
McAfee ePolicy Orchestrator 4.0.2 Product Guide