Additional Configuration for Non-Reporting Source Management Escalations
Jonathan Lewin
The current settings for non-reporting source management escalations cause issues with workstations that are offline for extended periods of time (after hours, weekends, etc.). It would be nice if there was a way to configure the duration separately for servers and workstations, along with a custom field rather than presets.
Jeremy Barnes
This is SUPER critical for us and our CMMC clients. We don't need notified on Windows Devices, but do on EVERY OTHER DEVICE.
Jeremy Barnes
Per device thresholds..
Critical Devices <4 hrs trigger.
Infrastructure <12hr
Windows <72hr, vacation mode?
Ruben Castello
Same problem here. Lots of escalations for laptops/PCs not reporting logs to SIEM.
For a computer/laptop we must define a higher threshold, but for example for a firewall escalation is good.
Adam Palmer
Yeah, this granularity is a much-needed feature. We need to know when devices stop sending logs, but laptops need to be handled differently given their portable nature.
Autopilot
Merged in a post:
Granular control over escalations per device type (server, laptop, desktop, etc.)
Mark Nelson
In the SIEM escalations, it would be helpful to have different escalation time frames for workstations vs. servers, etc.
As it is, I have to disable escalations due to laptops triggering notifications when they are just being used as normal.
Matt
I agree. We have to enable this for our CMMC customers but enabling it for the entire account overwhelms us with alerts. We would like the ability to enable it per organization instead of per account, and then even further, enable it per-source. This would allow us to only track the servers and network devices we expect to always get logs from.