Views:

Anti-Malware Module

The alert for Anti-Malware Module can be done through the Alerts Tab or the Malware Scan Configuration Page. Alerts Tab configuration will enable a global configuration while Malware Scan Configuration Page offers granular settings (Per Configuration Alert).

Alerts Tab (Enabling Alerts for all Malware Scan Configuration)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Anti-Malware Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Malware Scan Configuration page
1. Go to Policies tab > Common Objects > Other > Malware Scan Configurations.
2. Click Scan Configuration then click Properties. (Double clicking the Scan Configuration name will show you its Properties).
3. In the General Tab, scroll down to the very bottom to see the option for Alert. Tick the box next to "Alert when this Malware Scan Configuration logs an event" (By default, this is enabled).
4. Click Apply then OK.

Web Reputation Module

The alert for Web Reputation events must be done on the Policy.

Policy configuration
1. Go to Policies tab.
2. Click on the Policy then click Properties. (Double clicking the Policy name will show you its Properties).
3. On the left column, click Web Reputation then go to Advanced.
4. On Alert, change the setting to "Yes". (By default, this setting is set to "No").
5. Click Save.

Application Control Module

The alert for Application Control events must be configured on the Alerts Tab.

Alerts Tab
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Software Changes Detected then click Properties. (Double clicking the Alert name will show you its Properties).
4. Click on the radio button next to "On" (By default, this is set to "On").
5. Click Apply then OK.

Firewall Module

The alert for Firewall Module events can be done through Alerts tab or on the specific rule. Alerts tab configuration will enable a global configuration while Rule page offers granular settings (per rule alert).

Alerts can only be configured for firewall rules that have an action set to "Deny" or "Log Only".

Alerts Tab (Enabling alerts for all firewal rules)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Firewall Rule Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Rules Page
1. Go to Policies tab > Common Objects > Firewall > Rules.
2. Click on the Rule you want to alert then click Properties. (Double clicking the Rule name will show you its Properties).
3. Go to Options tab and tick the box next to "Alert when this rule logs an event".
4. Click Apply then OK.

Intrusion Prevention Module

The alert for Intrusion Prevention Module events can be done under the Alerts tab or on the specific Rule. Alerts tab configuration will enable a global configuration while Rule page offers granular settings (Per Rule Alert).

Alerts Tab (Enabling alerts for all Intrusion Prevention rules)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Intrusion Prevention Rule Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Rules Page
1. Go to Policies tab > Common Objects > Intrusion Prevention > Rules.
2. Click on the Rule you want to alert then click Properties. (Double clicking the Rule name will show you its Properties).
3. Go to Options tab and tick the box next to "Alert when this rule logs an event".
4. Click Apply then OK.

Integrity Monitoring Module

The alert for Integrity Monitoring Module events can be done under the Alerts tab or on the specific Rule. Alerts tab configuration will enable a global configuration while Rule page offers granular settings (Per Rule Alert).

Alerts Tab (Enabling alerts for all Integrity Monitoring rules)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Integrity Monitoring Rule Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Rules Page
1. Go to Policies tab > Common Objects > Integrity Monitoring > Rules.
2. Click on the Rule you want to alert then click Properties. (Double clicking the Rule name will show you its Properties).
3. Go to Options tab and tick the box next to "Alert when this rule logs an event".
4. Click Apply then OK.

Log Inspection Module

The alert for Log Inspection Module events can be done under the Alerts tab or on the specific Rule. Alerts tab configuration will enable a global configuration while Rule page offers granular settings (Per Rule Alert).

Alerts Tab (Enabling alerts for all Log Inspection rules)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Log Inspection Rule Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Rules Page
1. Go to Policies tab > Common Objects > Log Inspection > Rules.
2. Click on the Rule you want to alert then click Properties. (Double clicking the Rule name will show you its Properties).
3. Go to Options tab and tick the box next to "Alert when this rule logs an event".
4. Click Apply then OK.

Cloud One - Endpoint and Workload Security alert configuration per module

Product / Version includes:

Cloud One - Endpoint and Workload SecurityAll

Last updated: 2023/04/13

Solution ID: KA-0014286

Category: Configure

Summary

In Cloud One - Endpoint and Workload Security, there are some modules where alerts must be configured before they are received in both the console and through email.

The following modules by default will send an Alert on the Console and also send an e-mail:

Anti-Malware Module (Alert Name: Anti-Malware Alert, for detections)
Application Control (Alert Name: Software Changes Detected)

The following modules do not have an alert configuration:

Device Control
Activity Monitoring

EXPAND ALL

Anti-Malware Module

Alerts Tab (Enabling Alerts for all Malware Scan Configuration)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Anti-Malware Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Malware Scan Configuration page
1. Go to Policies tab > Common Objects > Other > Malware Scan Configurations.
2. Click Scan Configuration then click Properties. (Double clicking the Scan Configuration name will show you its Properties).
3. In the General Tab, scroll down to the very bottom to see the option for Alert. Tick the box next to "Alert when this Malware Scan Configuration logs an event" (By default, this is enabled).
4. Click Apply then OK.

Web Reputation Module

The alert for Web Reputation events must be done on the Policy.

Policy configuration
1. Go to Policies tab.
2. Click on the Policy then click Properties. (Double clicking the Policy name will show you its Properties).
3. On the left column, click Web Reputation then go to Advanced.
4. On Alert, change the setting to "Yes". (By default, this setting is set to "No").
5. Click Save.

Application Control Module

The alert for Application Control events must be configured on the Alerts Tab.

Alerts Tab
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Software Changes Detected then click Properties. (Double clicking the Alert name will show you its Properties).
4. Click on the radio button next to "On" (By default, this is set to "On").
5. Click Apply then OK.

Firewall Module

Alerts can only be configured for firewall rules that have an action set to "Deny" or "Log Only".

Alerts Tab (Enabling alerts for all firewal rules)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Firewall Rule Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Rules Page
1. Go to Policies tab > Common Objects > Firewall > Rules.
2. Click on the Rule you want to alert then click Properties. (Double clicking the Rule name will show you its Properties).
3. Go to Options tab and tick the box next to "Alert when this rule logs an event".
4. Click Apply then OK.

Intrusion Prevention Module

Alerts Tab (Enabling alerts for all Intrusion Prevention rules)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Intrusion Prevention Rule Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Rules Page
1. Go to Policies tab > Common Objects > Intrusion Prevention > Rules.
2. Click on the Rule you want to alert then click Properties. (Double clicking the Rule name will show you its Properties).
3. Go to Options tab and tick the box next to "Alert when this rule logs an event".
4. Click Apply then OK.

Integrity Monitoring Module

Alerts Tab (Enabling alerts for all Integrity Monitoring rules)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Integrity Monitoring Rule Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Rules Page
1. Go to Policies tab > Common Objects > Integrity Monitoring > Rules.
2. Click on the Rule you want to alert then click Properties. (Double clicking the Rule name will show you its Properties).
3. Go to Options tab and tick the box next to "Alert when this rule logs an event".
4. Click Apply then OK.

Log Inspection Module

Alerts Tab (Enabling alerts for all Log Inspection rules)
1. Go to Alerts tab.
2. When on Summary View, on the upper right corner of the page, click Configure Alerts.... When on List View, this button is on the upper left corner of the page.
3. Search and click Log Inspection Rule Alert then click Properties. (Double clicking the Alert name will show you its Properties).
4. Tick the box next to "Alert for all rules (Regardless of rule settings)".
5. Click Apply then OK.
Rules Page
1. Go to Policies tab > Common Objects > Log Inspection > Rules.
2. Click on the Rule you want to alert then click Properties. (Double clicking the Rule name will show you its Properties).
3. Go to Options tab and tick the box next to "Alert when this rule logs an event".
4. Click Apply then OK.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Cloud One - Endpoint and Workload Security alert configuration per module

Anti-Malware Module

Web Reputation Module

Application Control Module

Firewall Module

Intrusion Prevention Module

Integrity Monitoring Module

Log Inspection Module

Cloud One - Endpoint and Workload Security alert configuration per module

Product / Version includes:

Summary

Anti-Malware Module

Web Reputation Module

Application Control Module

Firewall Module

Intrusion Prevention Module

Integrity Monitoring Module

Log Inspection Module