I need a excessive browser protection email alert

I need a solution

I’ve got a weekly “network and host attack mitigation”  report set up.  I can see what’s attacking my machines.  That’s useful.  (Why not make that a default report?)

I noticed a machine has A LOT of “browser protection” events this week, hundreds within seconds.  I’m still looking into it.  But I want to know if that happens again WHEN it is actually happening (or right after because the browser protection events happened fast).

How do I set up an alert for that?  I’m looking in SEPM, under monitors, notifications…  I’ve already got a network attack alert set up (all boxes checked — compliance, network and host mitiation, packet events, deice control events, traffice, application control).  That existing network attack alert is set just above what appears to be a normal amount of attacks.  I’d prefer zero attacks but there seems to be a usual amount coming in weekly.

I don’t see anything for “browser protection” though.  Maybe it’s not granular enough?  If I’m getting a “Netowkr and Host Exploit Migation attack report each week… and these are listed as “browser protection” under the type of attack…. What would I set up as an email notification alert?

0

Related:

  • No Related Posts

Leave a Reply