Alert on exploit attempt detected by Endpoint Security

This topic describes alert behavior when an exploit attempt is detected and details the parameters, trigger conditions, and flow for the automation. It provides configuration information for thresholds, severity, and notification settings.

The automation notifies upon detection of exploit attack. The notification includes information on the number of events and number of affected devices. Automation parameters can be set such as the affected devices threshold and total events threshold.

Supported Product

Endpoint Security

Parameters

Count events in time duration

Set the duration of time in which to count the events.

Threshold (minimum number of events)

Set the minimum number of events for the automation to be triggered.

Threshold (minimum number of devices)

Set the minimum number of devices affected for the automation to be triggered.

Severity (Minimum)

Set the minimum severity.

Notification profile

Set the notification profile.

Trigger

When an exploit attempt is detected by Endpoint Security.

To view the example of this log, click ../running-automation/running-the-automation.dita.

Flow