cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
229
Views
0
Helpful
1
Replies

Mars 4.3 email alerts

danhosking
Level 1
Level 1

We have been able to tune our clients Mar appliance successfully. He now wants to receive email alerts when any alarms are triggered. Is it possible to configure this as a global type setting to apply to all rules or do I have to edit every single rule individually to achieve this?

1 Reply 1

mhellman
Level 7
Level 7

You have to edit every rule. There might be some alternatives. One might be to create an hourly report of type "matched rule ranking" that has the "use only firing events" setting. This will give you a summary of the rules that fired in that hour. Obviously, it's not as "real-time" as changing the action for every rule. There are only ~130 inspection rules, so manually changing them shouldn't be a big deal either.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: