McAfee EndPoint Security Patch Level (alerting)

GripLogix.McAfee.Monitoring.Rule.PatchLevel.EndPointSecurity (Rule)

Alert Rule for EndPoint Security Patch Level.

Element properties:

Member Modules:

Source Code:

<Rule ID="GripLogix.McAfee.Monitoring.Rule.PatchLevel.EndPointSecurity" Target="GripLogix!GripLogix.McAfee.McAfeeEndPointSecurity" Enabled="true" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="GripLogix.McAfee.DataSource.Condition.PSRegCheckRegValue.PropertyBag">

      <IntervalSeconds>14400</IntervalSeconds>

      <SyncTime/>

      <RegKeyPath>HKLM:\\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\ENDP_GS_*</RegKeyPath>

      <RegValue>PatchVersion</RegValue>

      <Threshold>2</Threshold>

      <Debug>false</Debug>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WA" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="GripLogix.McAfee.Monitoring.Rule.PatchLevel.EndPointSecurity.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/Property[@Name='PatchVersion']$</AlertParameter1>

        <AlertParameter2>$Data/Property[@Name='Error']$</AlertParameter2>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/Property[@Name='PatchVersion']$</SuppressionValue>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>