We’ve set up automated remediation for a number of items. One is to create a ticket if malware is found by the AV (BitDefender). This is not consistent and it seems to ignore the trigger I’ve set up, which is below:
The alert email contains the trigger word, as did the notification in Syncro (which I cleared because I expected a ticket).
Is there another way we need to configure this remediation? It seems to work if the alert is “blocked malware” but not if it says “deleted malware” - which is odd since malware is supposed to be the key word.
Hey this is what I get for trying to post while my phone is ringing!
This is where it’s supposed to convert to a ticket:
You can also use the Gravity Zone alerting for this which separates the alerts based on type which is more granular.
We have it set up to send in a ticket to our support address.
To set it up go to your Notification settings and enable any alert types you want and what email address you want it to go to.
That’s certainly an option, but we’re trying to KISS. To me that means, ideally, all alerts (which are high priority until at least triaged) should be in a single place. Everything else currently goes to the Alerts tab in Syncro.
Bonus: had another alert come in that didn’t trip this.
Another great example. This came overnight, and you can see we have nothing under Alerts despite this notification.
The “View Ticket” button takes me to ticket #7354, which is from a week ago and is resolved.