Message Image

Skip main navigation (Press Enter).

Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

System infected alerts

NRajFeb 16, 2018 07:21 AM

Am new to SEP 14. Want to find 'system infected' alerts for the past month. NTP is now replaced ...

ℬrίαηFeb 16, 2018 07:29 AM

Monitors page and go to Logs tab. Set it to Network and Host Mitigation and Attacks. Set whatever time ...

NRajFeb 16, 2018 07:40 AM

i want only sys infected. I dont see that option under 'events' when i choose 'attacks'

ℬrίαηFeb 16, 2018 07:41 AM

Set the 'Severity' to 'Critical', set 'Event Type' to 'Intrusion Prevention' and set 'Direction' to ...

1. System infected alerts

0 Recommend
NRaj
Posted Feb 16, 2018 07:21 AM

Reply Reply Privately
Am new to SEP 14.

Want to find 'system infected' alerts for the past month.

NTP is now replaced with network & host mitigation.

Can someone help me?
2. RE: System infected alerts

0 Recommend
ℬrίαη
Posted Feb 16, 2018 07:29 AM

Reply Reply Privately
Monitors page and go to Logs tab. Set it to Network and Host Mitigation and Attacks. Set whatever time range you need.
3. RE: System infected alerts

0 Recommend
NRaj
Posted Feb 16, 2018 07:40 AM

Reply Reply Privately
i want only sys infected. I dont see that option under 'events' when i choose 'attacks'
4. RE: System infected alerts

0 Recommend
ℬrίαη
Posted Feb 16, 2018 07:41 AM

Reply Reply Privately
Set the 'Severity' to 'Critical', set 'Event Type' to 'Intrusion Prevention' and set 'Direction' to 'Outbound'.

This will get you closer to filtering out the noise.

You cannot filter on specific signatures in SEPM. Export it to CSV and open in Excel. Then filter on what you need.

Copyright 2019. All rights reserved.

Powered by Higher Logic