I'm trying to set up some more advanced rules and tasks in CSA, and one of my goals was to make a rule/task to move a host to a group "Rootkit detected computers" when it detects an unauthorized rootkit. Can't really find any way to make this in a rule, and I can't find any tasks that are based off of events or event sets.
Any ideas? We're on CSA 5.0 v187, and we should be upgrading to 5.2 within the next week.