I’ve got a weekly “network and host attack mitigation” report set up. I can see what’s attacking my machines. That’s useful. (Why not make that a default report?)
I noticed a machine has A LOT of “browser protection” events this week, hundreds within seconds. I’m still looking into it. But I want to know if that happens again WHEN it is actually happening (or right after because the browser protection events happened fast).
How do I set up an alert for that? I’m looking in SEPM, under monitors, notifications… I’ve already got a network attack alert set up (all boxes checked — compliance, network and host mitigation, packet events, device control events, traffic, application control). That existing network attack alert is set just above what appears to be a normal amount of attacks. I’d prefer zero attacks but there seems to be a usual amount coming in weekly.
I don’t see anything for “browser protection” though. Maybe it’s not granular enough? If I’m getting a “Network and Host Exploit Mitigation” attack report each week… and these are listed as “browser protection” under the type of attack… What would I set up as an email notification alert?