Alert on malicious file detected by Endpoint Security

This topic describes the alert generated when a malicious file is detected by Endpoint Security and outlines its parameters, trigger, and flow. It provides information for configuring thresholds and notification settings.

The automation notifies upon detection of malicious file. The notification includes information on the number of events and number of affected devices. Automation parameters can be set such as the affected devices threshold and total events threshold.

Supported Product

Endpoint Security

Parameters

Count events in time duration

Set the duration of time in which to count the events.

Threshold (minimum number of events)

Set the minimum number of events for the automation to be triggered.

Threshold (minimum number of devices)

Set the minimum number of devices affected for the automation to be triggered.

Severity (Minimum)

Set the minimum severity.

Notification profile

Set the notification profile.

Trigger

When a malicious file is detected by Endpoint Security.

To view the example of this log, click ../running-automation/running-the-automation.dita.

Flow