With the release of 12.1 RU5 Host Integrity has become a staple without the necessity to purchase separate Network Access Control license. As part of a complete security best practice, it is vital that a SEP Admin be notified of failure events via email. Below are the steps necessary to create a custom notification for Host Integrity (HI) failure events. Note: Screenshots were taken from 12.1 RU6 MP2.
- From within the SEPM, click on "Monitors", select the "Notifications" tab and then click on the "Notification Conditions" button.
- Within Notification Conditions, click on "Add...", then select "Client security alert".
- Give the notification a meaningful name and customize the additional settings. Ensure that "Compliance events" is selected as this triggers on HI failure events.
- Click "OK" to save.
As with any change, it is always recommended that you test this out to ensure a failure event does in-fact trigger an email notification. It is also important to test the notification using different settings to ensure you get the most visibility, as required for your environment.