Reference Guide

Security Management Server - AdminHelp v9.8
Threats
Select this option to log any newly found threats or changes observed for any existing threat, to the Syslog
server. Changes include a threat being Removed, Quarantined, Waived, or Executed.
There are five types of Threat Events:
threat_found: A new threat has been found in an Unsafe status.
threat_removed: An existing threat has been Removed.
threat_quarantined: A new threat has been found in the Quarantine status.
threat_waived: A new threat has been found in the Waived status.
threat_changed: The behavior of an existing threat has changed (examples: Score, Quarantine
Status, Running Status).
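Added example (not from the Dell guide or product): one way a Syslog-side consumer could use the five event names above to track which threats are still unresolved. The key=value message layout, the field names event, device and sha256, and the sample lines are constructed assumptions, since the real message format is not reproduced here; adapt the pattern to the messages your server actually receives.

```python
import re
from collections import Counter

# The five event names listed in the guide.
EVENT_TYPES = {"threat_found", "threat_removed", "threat_quarantined",
               "threat_waived", "threat_changed"}
# Events after which the threat is Removed, Quarantined or Waived.
RESOLVING = {"threat_removed", "threat_quarantined", "threat_waived"}

# ASSUMPTION: hypothetical key=value layout, not the product's real format.
FIELD = re.compile(r"\b(event|device|sha256)=(\S+)")

# Constructed sample lines (not real product output).
SAMPLE = """\
<14>Jan 10 09:00:01 sms01 event=threat_found device=LAPTOP-01 sha256=aaa111
<14>Jan 10 09:00:05 sms01 event=threat_found device=LAPTOP-02 sha256=bbb222
<14>Jan 10 09:01:12 sms01 event=threat_quarantined device=LAPTOP-01 sha256=aaa111
<14>Jan 10 09:02:30 sms01 event=threat_changed device=LAPTOP-02 sha256=bbb222
<14>Jan 10 09:03:00 sms01 event=heartbeat device=LAPTOP-03
<14>Jan 10 09:04:44 sms01 event=threat_waived device=SRV-07 sha256=ccc333
"""

def triage(lines):
    """Return (per-type counts, threats still open, lines that were skipped)."""
    counts, state, skipped = Counter(), {}, []
    for line in lines:
        fields = dict(FIELD.findall(line))
        event = fields.get("event")
        if event not in EVENT_TYPES or "device" not in fields or "sha256" not in fields:
            skipped.append(line)  # unknown event or missing field: keep for review
            continue
        counts[event] += 1
        key = (fields["device"], fields["sha256"])
        if event in RESOLVING:
            state[key] = "resolved"
        elif event == "threat_found":
            state[key] = "open"  # found in Unsafe status, also reopens a resolved threat
        else:
            # threat_changed: the name alone does not say what changed,
            # so keep the prior state and treat a never-seen threat as open.
            state.setdefault(key, "open")
    open_threats = sorted(k for k, v in state.items() if v == "open")
    return counts, open_threats, skipped

if __name__ == "__main__":
    counts, open_threats, skipped = triage(SAMPLE.splitlines())
    print(dict(counts), open_threats, len(skipped))
```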
Example Message of Threat Event:
Threat Classifications
Hundreds of threats are classified each day as either Malware or Potentially Unwanted Programs (PUPs). If
this option is selected, you subscribe to be notified when these events occur.
Example Message of Threat Classification:
SIEM (Security Information and Event Management)
Specifies the type of Syslog server or SIEM that events are to be sent to.
Protocol
This must match what is configured on your Syslog server. The choices are UDP or TCP. UDP is generally not
recommended as it does not guarantee message delivery. Dell recommends TCP (default).
TLS/SSL