We’ve set up automated remediation for a number of items. One is to create a ticket if malware is found by the AV (BitDefender). This is not consistent and it seems to ignore the trigger I’ve set up, which is below:

image1783×435 32.1 KB

The alert email contains the trigger word, as did the notification in Syncro (which I cleared because I expected a ticket).

image710×670 20.1 KB

Is there another way we need to configure this remediation? It seems to work if the alert is “blocked malware” but not if it says “deleted malware” - which is odd since malware is supposed to be the key word.

Hey this is what I get for trying to post while my phone is ringing!

This is where it’s supposed to convert to a ticket:

image1735×810 70.4 KB

You can also use the Gravity Zone alerting for this which separates the alerts based on type which is more granular.

We have it set up to send in a ticket to our support address.

To set it up go to your Notification settings and enable any alert types you want and what email address you want it to go to.

image948×524 24.4 KB

That’s certainly an option, but we’re trying to KISS. To me that means, ideally, all alerts (which are high priority until at least triaged) should be in a single place. Everything else currently goes to the Alerts tab in Syncro.

Bonus: had another alert come in that didn’t trip this.

image1277×657 51.8 KB

Another great example. This came overnight, and you can see we have nothing under Alerts despite this notification.

image1789×744 66.5 KB

The “View Ticket” button takes me to ticket #7354, which is from a week ago and is resolved.

image1452×463 32.7 KB