Apr 26 2019 08:46 AM
Hi. Is there a way to have MCAS generate an alert or email to indicate SIEM agent status change from "connected" to "disconnected". For example if the agent goes into disconnected or error state for x number of hours. Can an admin alert or email be generated, so that it can investigated and potentially agent restarted by operational teams etc.
Thanks.
Apr 28 2019 01:22 AM
Apr 29 2019 01:40 AM
Thanks - will give this a test. I take it there is no way to centrally define that these SIEM agent type "system alerts" can be eg. sent to a specified separate operations email address instead of the email of the admin who just happens to have enabled the system notification emails ?
Apr 29 2019 01:47 AM