Create a SEM rule to track when viruses are not cleaned
Create and enable the Virus Attack – Bad State rule to track virus attacks reported by your anti-virus software. The Bad Virus State User-Defined Group defines a bad state as any virus that is not fully cleaned by your anti-virus software. This includes any virus that is not addressed, quarantined, or renamed.
The default action for this rule is to generate a HostIncident event, which you can use with the Incidents report to notify auditors that you are auditing the critical events on your network.
- On the SEM Console, click the Rules tab.
- On the Rules toolbar, click Create rule from template.
- In the search box, enter Virus Attack - Bad State.
- Select the Virus Attack - Bad State rule template, and then click Next.
- Review and edit the existing conditions and values where needed, and then click Next.
- Review and adjust the rule details where needed, and then click Create.
See Create a new rule for additional guidance.