Threat notifications and ERA

[DiPersiaTech 2]

We've been using ERA forever and have some basic notifications setup.  It wasn't until a virus hit a machine yesterday and we didn't get any alerts that I realized we had no working notification for threats.

 

So I setup a new notification and it appeared what looked best to me was a "Received Log Event" against the threats log for critical warnings.  The system in question with the virus has a myriad of critical warnings (And still does as we're cleaning it up.)  But I'm not getting any notifications.

 

Is there a better way to do this? 

[dwomack 160]

The following method in this KB Article might be of some help: "How do I configure SMTP client threat notifications?"

[DiPersiaTech 2]

Would prefer to use the notification manager inside of ERA instead of relying on the clients themselves to send notifications.