Setting up automatic responses

Take immediate action against threats and outbreaks by automatically executing commands or sending emails when events occur.

McAfee ePO responds when the conditions of an automatic response rule are met. You specify the actions that make up the response, and the type and number of events that must meet the condition to trigger the response.

By default, an automatic response rule can include these actions:

  • Create an issue.
  • Execute server tasks.
  • Run external commands.
  • Run system commands.
  • Send an email message.
  • Send SNMP traps.

Note: You can also configure external tools installed on the McAfee ePO server to run an external command.

Managed products increase the number of actions you can select.

The products that you manage with McAfee ePO determine the types of events you can create an automatic response rule for.

Here are some typical conditions that might trigger an automatic response:

  • Detection of threats by your antivirus software.
  • Outbreak situations. For example, 1,000 virus-detected events are received in five minutes.
  • High-level compliance of McAfee ePO server events. For example, a repository update or a replication task failed.