Notifications_Critical_Risks
Threat Discovery Appliance triggers real-time notifications as soon as it detects critical security risks in the network to allow you to take immediate action. You can configure the product to send these notifications immediately or at specified intervals.
By default, the product will send notifications for critical security risks detected on all endpoints. Use the exclusion list for endpoints that you do not want to be notified about.
To configure notifications for critical security risks:
Notifications > Notification Settings > Detections of Critical Security Risks
Select the option to enable real-time notifications.
Under Potential Security Risks, select the option to send a notification when a high-severity security risk is detected.
Under Known Security Risks, select the option to send a notification when virus/malware or spyware/grayware is detected.
Specify the email-sending interval in number of minutes, hours, or days.
For each endpoint, Threat Discovery Appliance aggregates notifications triggered within the time interval and sends them as one email message when the time interval elapses. For example, if critical security risks were detected on 12 endpoints, Threat Discovery Appliance sends 12 email messages. Each message contains a list of the critical security risks detected on that endpoint within the time interval.
Click Save.
To configure the exclusion list:
Notifications > Notification Settings > Detections of Critical Security Risks
Click the Exclusion List tab.
Type a descriptive name for the exclusion list.
Type the IP address/range of endpoints to be excluded from real-time notifications.
Click Add.
You can add up to 100 exclusion lists.
To remove an exclusion list, mark the check box before the exclusion list and then click Delete.
Click Save.
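The per-endpoint aggregation and the exclusion list described above can be modeled as follows. This is an added example, not the product's own code. The function names, the fixed-window bucketing, and the accepted exclusion syntax (single address, `start-end` range, or CIDR block) are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

def parse_exclusion(entry):
    """Return (first, last) address for a single IP, 'a-b' range, or CIDR block."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is after range end: {entry}")
        return lo, hi
    net = ipaddress.ip_network(entry, strict=False)  # a bare address becomes a /32
    return net[0], net[-1]

def is_excluded(ip, exclusions):
    """True if ip falls inside any parsed exclusion entry of the same IP version."""
    addr = ipaddress.ip_address(ip)
    return any(lo.version == addr.version and lo <= addr <= hi
               for lo, hi in exclusions)

def build_messages(events, exclusion_entries, interval_seconds):
    """Group detections per endpoint per interval; each group is one email."""
    exclusions = [parse_exclusion(e) for e in exclusion_entries]
    groups = defaultdict(list)
    for ts, ip, risk in events:
        if is_excluded(ip, exclusions):
            continue  # excluded endpoints never generate a notification
        groups[(ts // interval_seconds, ip)].append(risk)
    return [{"window": w, "endpoint": ip, "risks": risks}
            for (w, ip), risks in sorted(groups.items())]

# Constructed sample: (seconds since start, endpoint IP, detected risk)
SAMPLE_EVENTS = [
    (0,   "10.0.0.11", "virus/malware"),
    (120, "10.0.0.11", "spyware/grayware"),
    (200, "10.0.0.12", "high-severity potential risk"),
    (250, "10.0.1.40", "virus/malware"),   # inside excluded 10.0.1.0/24
    (300, "10.0.0.20", "virus/malware"),   # inside excluded 10.0.0.20-10.0.0.29
    (700, "10.0.0.11", "virus/malware"),   # falls in the next 10-minute interval
]
SAMPLE_EXCLUSIONS = ["10.0.1.0/24", "10.0.0.20-10.0.0.29"]

if __name__ == "__main__":
    for msg in build_messages(SAMPLE_EVENTS, SAMPLE_EXCLUSIONS, 600):
        print(msg)
```

Running the same function over a proposed exclusion entry before saving it shows which endpoints would stop generating notifications.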