Views:

Configure the following event notification to notify administrators when documents that contain potential exploit code have been detected on your network.

  1. Go to Detections > Notifications > Event Notifications.

    The Event Notifications screen appears.

  2. Click Advanced Threat Activity.

    A list of events appears.

  3. In the Event column, click Potential document exploit detections.

    The Potential Document Exploit Detections screen appears.

  4. Specify the following notification settings.

    Settings

    Description

    Trigger an alert for each detection

    Select to send an event notification for each detection.

    Specify the alert threshold that applies to a single endpoint

    Select to send event notifications only for detections that match the specified criteria.

    • Detections: Specify the number of detections

    • Period: Specify the time period in hours

    Attach logs in CSV format

    Select to send event notification recipients a *.csv file containing log data about the detections.
  5. Select recipients for the notification.
    1. From the Available Users and Groups list, select contact groups or user accounts.
    2. Click >.

      The selected contact groups or user accounts appear in the Selected Users and Groups list.

  6. Enable one or more of the following notification methods.

    Method

    Description

    Email message

    To customize the email notification template, use supported token variables or modify the text in the Subject and Message fields.

    For more information, see Standard Token Variables and Advanced Threat Activity Token Variables.
  7. To test if recipients can receive the event notification, click Test.
  8. Click Save.
Parent topic: Advanced Threat Activity Events