Documentation for Security Event Manager

Create a SEM rule to track when viruses are not cleaned

Create and enable the Virus Attack - Bad State rule to track virus attacks reported by your anti-virus software. The Bad Virus State User-Defined Group defines a bad state as any virus that is not fully cleaned by your anti-virus software. This includes any virus that is not addressed, quarantined, or renamed.

The default action for this rule generates a HostIncident event, which you can use in conjunction with the Incidents report to notify auditors that you are auditing the critical events on your network.

  1. Log in to the SEM Console.

  2. On the toolbar, click Rules.
  3. On the Rules toolbar, click Create rule from template.

  4. In the search box, enter virus and then click the magnifying glass icon.

  5. Select the Virus Attack - Bad State rule template, and then click Next.

  6. Review and edit the existing conditions and values where needed, and then click Next.
  7. Review and adjust the rule details where needed, and then click Create.

    See Create a new rule for additional guidance.