logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: How to Create an Event Rule to Automatically Restore Devices to Normal Enforcement

App Control: How to Create an Event Rule to Automatically Restore Devices to Normal Enforcement

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Objective

Create an Event Rule to automatically restore an endpoint to normal Enforcement Level after remaining in Local Approval longer than desired.

Resolution

Part 1 of 2 - Configuring the Alert
  1. Log in to the Console and navigate to Tools > Alerts > edit "Local Approval Alert".
  2. Set the General > Status: Enabled
  3. Set the Criteria > Time Period accordingly. (Default is 1 hour)
  4. Set the Auto Reset to use the following:
    • Status: Enabled
    • Reset After: 1 Minute
  5. Click Save & Exit
 
Warning: Email notifications for this Alert are not recommended if regularly moving bulk numbers of Agents.
  • The Alert will generate for all machines matching the criteria.
  • The Event Rule can only move one machine at a time.
  • If multiple machines are moved at the same time this may cause duplicate Emails to be delivered.

Part 2 of 2 - Creating the Event Rule
  1. Navigate to Rules > Event Rules > Create Rule.
  2. Use the following details:
    • Rule Name: Restore Normal Enforcement (or something memorable)
    • Status: Enabled
    • Event Properties: Policy > is: Local Approval Policy
    • Event Properties: Subtype > is: Alert triggered
    • Action: Move Computer
    • Target: Restore to Normal Enforcement Level
  3. Click Save & Exit

This is a article attached imageThis is a article attached image This is a article attached imageThis is a article attached image

Additional Notes

  • Each Event Rule is designed to work with one Trigger at a time.
  • If multiple endpoints are moved from Normal to Local Approval at the same time, only one endpoint will count as the Trigger.
  • Only the Triggered endpoint will be moved back to Normal Enforcement
  • See Related Content below for further related info

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎02-02-2022
Views:
692
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.