Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
567
Views
0
Helpful
3
Replies

6.0.3 - Actionable Incident Notification

RicheeJJJ_2
Level 1
Level 1

‎05-11-2009 02:49 PM

Well there's supposedly a new feature in 6.0.3 that says I can send SNMP traps when a incident is created.

Anyone have any idea how to do this without going through each and every rule to edit the "action"?

Labels:
0 Helpful
3 Replies 3

richardackroyd
Level 1
Level 1

‎05-14-2009 04:46 AM

You have to create a rule like you would have before. Set the action to SNMP trap/email/whatever.

When the severity is set, for example to RED, it now alerts on RED incidents, not RED Events. I have been using this since the update to email our staff upon certain Incidents. Seems to work well.

If you want an alert when any Incident fires, leave every field as "any" and you should be good to go.

0 Helpful

mhellman
Level 7
Level 7
In response to richardackroyd

‎05-18-2009 12:39 PM

Richard, not sure what your saying here. The only way I've found to sort of accomplish this is to create an inspection rule using the MARS itself as the reporting device. It doesn't appear to work in newer versions. Is that what you did?

0 Helpful

mhellman
Level 7
Level 7

‎05-18-2009 12:17 PM

I believe you will have to configure for each inspection rule.

0 Helpful
Customers Also Viewed These Support Documents