Create a SEM rule to track when viruses are not cleaned
Create and enable the Virus Attack – Bad State rule to track virus attacks reported by your anti-virus software. The Bad Virus State User-Defined Group defines a bad state as any virus that is not fully cleaned by your anti-virus software. This includes any virus that is not addressed, quarantined, or renamed.
The default action for this rule generates a HostIncident event, which you can use in conjunction with the Incidents report to notify auditors that you are auditing the critical events on your network.
- Log in to the SEM Console.
- On the toolbar, click Rules.
- On the Rules toolbar, click Create rule from template.
- In the search box, enter virus and then click the magnifying glass icon.
- Select the Virus Attack - Bad State rule template, and then click Next.
- Review and edit the existing conditions and values where needed, and then click Next.
- Review and adjust the rule details where needed, and then click Create.
See Create a new rule for additional guidance.