This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Modify Alerts Going to An Endpoint Group

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Modify Alerts Going to An Endpoint Group

chukaokonkwo
L1 Bithead

‎03-03-2022 01:35 PM

 

Hello all,

I have setup an endpoint group of high profile laptops.  I would like the following configured on XDR.

 

- Prefix all Incident names going to endpoints in that group with "VIP Endpoint [Incident Name] (e.g. VIP Endpoint Wildfire Malware Detected)

- When a "High" or "Medium" alert is triggered for an endpoint within that group forward it to a specific email.

 

Thanks for the tips and insights on setting this up guys.  I've been searching back and forth in the admin guide to see if I can get the information.  If this happens I'll be sure to post it here as well.

 

 

0 Likes Likes
1 REPLY 1

bbarmanroy
L5 Sessionator

‎03-03-2022 06:27 PM

Hi @chukaokonkwo What I'd advise you is to create a Starred Alert Configuration using Featured Fields.

 

  1. You can create a list of Featured Fields (link: here) using hostname, IP address, or username.
    bbarmanroy_0-1646359950456.png

  2. Create a Starring Configuration (link here) with the featured fields.
    bbarmanroy_1-1646360144747.png

     


    That'll star all incidents containing alerts of this nature. Populate the hosts and save the filter for quick retrieval for future use.

    bbarmanroy_8-1646360728865.png

     

     

  3. Create a Scoring Rule (link here) for Featured fields as well. 
    bbarmanroy_3-1646360325698.png

     

  4. Create a Notifications Rule in the Configurations to forward all alerts that meet those criteria.
    bbarmanroy_4-1646360586606.png
    bbarmanroy_5-1646360593779.png
    bbarmanroy_7-1646360640017.png

     

     

     

0 Likes Likes
  • 1648 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks