Automatic Responses

Question 1

What is an Automatic Response in ePO?

Answer 1

A feature that allows you to set a criteria for specific events, and when those events occur, make ePO automatically engage in a certain action as a response

Question 2

What are some of the response actions that ePO can be configured to take?

Answer 2

• Create an Issue
• Execute a Server Task (s)
• Run an External Command
• Run a System Command
• Send an email message
• Send an SNMP Trap

Question 3

How does ePO determine the types of events that you can create an automatic response rule for?

Answer 3

By the products that are managed by ePO

Question 4

T/F: The available response actions upon installation are the only options possible?

Answer 4

False, checking in new extensions can provide new actions

Question 5

What are some examples of typical conditions that might trigger an automatic response?

Answer 5

• Detection of threats by your anti-virus software
• Outbreak situations. For example, 1,000 virus-detected events are received in five minutes
• High-level compliance of ePO server events. For example, a repository update or a replication task failed.

Question 6

What is the purpose of setting an event threshold?

Answer 6

Lets your tailor the frequency of automatic responses to fit the needs and realities of your environment

Question 7

What is aggregation?

Answer 7

Allows you to set the number of events that occur before triggering an automatic response.

Ex:
-In one hour, the server receives 1,000 or more virus detection events from different systems

-In one hour, the server receives 100 or more virus detection events from one system

Question 8

What is the purpose of throttling?

Answer 8

Allows you to limit the number of notification messages your receive based on one rule.

Ex:
You can specify in a response rule that you don’t want to receive more than one notification message in an hour

Question 9

What is grouping?

Answer 9

A way to combine multiple aggregated events.

For example, events with the same severity can be combined into one group.

Grouping provides a way to respond to all events with the same or higher severity at once, as well as prioritize events that are generated

Question 10

What are some notable default automatic responses?

Answer 10

• Distributed repository update or replication failed
• Malware detected
• Master repository update or replication failed
• Noncompliant computer detected

Question 11

What are the three event types found under the Event Group “ePO notification” events

Answer 11

• Client Events - Events that occur on managed systems, for example “Product Update succeeded”
• Threat events - Events that indicate possible threats are detected. For example, Virus detected
• Server events - Events that occur on the server. For example, “Repository pull failed”

Question 12

What are the sections in the Automatic Response builder?

Answer 12

1. Description - Name the automatic response, give a description so that other users can easily understand the purpose of the response, and select the type of events that will trigger the response
2. Filter - Use properties to further narrow the events that will trigger the response
3. Aggregation - Configure Aggregation, Grouping, and Throttling settings here
4. Actions - Configure the actions that ePO will automatically take as a response to the events defined in the previous pages
5. Summary - See a high level summary of all of the options configuring in the previous pages of the response builder, and of the response as a whole