I have setup an endpoint group of high profile laptops. I would like the following configured on XDR.
- Prefix all Incident names going to endpoints in that group with "VIP Endpoint [Incident Name] (e.g. VIP Endpoint Wildfire Malware Detected)
- When a "High" or "Medium" alert is triggered for an endpoint within that group forward it to a specific email.
Thanks for the tips and insights on setting this up guys. I've been searching back and forth in the admin guide to see if I can get the information. If this happens I'll be sure to post it here as well.
Hi @chukaokonkwo What I'd advise you is to create a Starred Alert Configuration using Featured Fields.
That'll star all incidents containing alerts of this nature. Populate the hosts and save the filter for quick retrieval for future use.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!