McAfee EndPoint Security Patch Level (alerting)
GripLogix.McAfee.Monitoring.Rule.PatchLevel.EndPointSecurity (Rule)
Alert Rule for EndPoint Security Patch Level.
Element properties:
Member Modules:
Source Code:
<Rule ID="GripLogix.McAfee.Monitoring.Rule.PatchLevel.EndPointSecurity" Target="GripLogix!GripLogix.McAfee.McAfeeEndPointSecurity" Enabled="true" ConfirmDelivery="false" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>Alert</Category>
<DataSources>
<DataSource ID="DS" TypeID="GripLogix.McAfee.DataSource.Condition.PSRegCheckRegValue.PropertyBag">
<IntervalSeconds>14400</IntervalSeconds>
<SyncTime/>
<RegKeyPath>HKLM:\\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\ENDP_GS_*</RegKeyPath>
<RegValue>PatchVersion</RegValue>
<Threshold>2</Threshold>
<Debug>false</Debug>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WA" TypeID="Health!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertMessageId>$MPElement[Name="GripLogix.McAfee.Monitoring.Rule.PatchLevel.EndPointSecurity.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/Property[@Name='PatchVersion']$</AlertParameter1>
<AlertParameter2>$Data/Property[@Name='Error']$</AlertParameter2>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/Property[@Name='PatchVersion']$</SuppressionValue>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>