Outbreak Reoccurrence

MomUIGeneratedRulee056f874fec84a28b2ef5283496a702d (Rule)

Knowledge Base article:

Management Pack
Summary
An outbreak condition continues to be detected.
 
Causes
An outbreak is still occurring.
 
Resolutions
Monitor mail traffic. Create new rules to block mail from the offender, if necessary.
 
© 2012, Symantec Corporation. All rights reserved.

Element properties:

Target: Microsoft.Windows.Computer
Category: EventCollection
Enabled: True
Event_ID: 330
Event Source: Symantec Mail Security For Microsoft Exchange
Alert Generate: True
Alert Severity: Warning
Alert Priority: Low
Remotable: True
Alert Message:
Outbreak Reoccurrence
Event Description: {0}
Event Log: Application

Member Modules:

ID     Module Type  TypeId                           RunAs
DS     DataSource   Microsoft.Windows.EventProvider  Default
Alert  WriteAction  System.Health.GenerateAlert      Default

Source Code:

<Rule ID="MomUIGeneratedRulee056f874fec84a28b2ef5283496a702d" Enabled="true" Target="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="MicrosoftWindowsLibrary6172210!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Property[Type="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Application</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="UnsignedInteger">330</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value Type="String">Symantec Mail Security For Microsoft Exchange</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">
      <Priority>0</Priority>
      <Severity>1</Severity>
      <AlertOwner/>
      <AlertMessageId>$MPElement[Name="MomUIGeneratedRulee056f874fec84a28b2ef5283496a702d.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression/>
      <Custom1/>
      <Custom2/>
      <Custom3/>
      <Custom4/>
      <Custom5/>
      <Custom6>Symantec Mail Security for Microsoft Exchange</Custom6>
      <Custom7/>
      <Custom8/>
      <Custom9/>
      <Custom10/>
    </WriteAction>
  </WriteActions>
</Rule>