Modify Alerts Going to An Endpoint Group

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Modify Alerts Going to An Endpoint Group

L1 Bithead


Hello all,

I have setup an endpoint group of high profile laptops.  I would like the following configured on XDR.


- Prefix all Incident names going to endpoints in that group with "VIP Endpoint [Incident Name] (e.g. VIP Endpoint Wildfire Malware Detected)

- When a "High" or "Medium" alert is triggered for an endpoint within that group forward it to a specific email.


Thanks for the tips and insights on setting this up guys.  I've been searching back and forth in the admin guide to see if I can get the information.  If this happens I'll be sure to post it here as well.




L5 Sessionator

Hi @chukaokonkwo What I'd advise you is to create a Starred Alert Configuration using Featured Fields.


  1. You can create a list of Featured Fields (link: here) using hostname, IP address, or username.

  2. Create a Starring Configuration (link here) with the featured fields.


    That'll star all incidents containing alerts of this nature. Populate the hosts and save the filter for quick retrieval for future use.




  3. Create a Scoring Rule (link here) for Featured fields as well. 


  4. Create a Notifications Rule in the Configurations to forward all alerts that meet those criteria.




  • 1 replies
  • 78 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!