Outbreak Event

This notification is triggered as soon as the defined criteria for an outbreak of incidents are met. It does not report every single incident, nor does it report incidents exceeding the defined criteria.

Define filtering parameters for an Outbreak Event in the Client filter window. When a rule is applied, only clients meeting the client filter criteria are taken into consideration. The filtering criteria are:

FROM Primary Server – Only clients from the primary server (the negative NOT FROM can also be applied).

Primary Server IN – Includes primary server in the output.

HAS New Flag – Clients marked by the flag "New" (the negative HAS NOT can also be applied).

ERA Groups IN – Clients belonging to the specified group.

Domain/Workgroup IN – Clients belonging to the specified domain.

Computer Name Mask – Clients with the specified computer name.

HAS IPv4 Mask – Clients falling into the specified IPv4 mask.

HAS IPv4 Range – Clients within the specified IPv4 address range.

HAS IPv6 Network Prefix – Clients with the specified IPv6 address range.

HAS IPv6 Range – Clients within the specified IPv6 address range.

HAS Defined Policy – Clients with the specified policy assigned (the negative HAS NOT can also be applied).

After you have specified a client filter for your notification rule, click OK and proceed to the rule parameters. Client parameters define what condition a client or a group of clients must meet in order to run the notification action. To view the available parameters, click the Edit… button in the Parameters section.

Log type – Select the type of the log you want to monitor.

Log level – Log entry level in the given log:
- Level 1 – Critical Warnings – Critical errors only.
- Level 2 – Above + Warnings – The same as 1, plus alert notifications.
- Level 3 – Above + Normal – The same as 2, plus informative notifications.
- Level 4 – Above + Diagnostic – The same as 3, plus diagnostic notifications.

1000 occurrences in 60 minutes – Type the number of occurrences and select the time period to specify the event frequency that must be reached for the notification to be sent. The default frequency is 1000 occurrences in one hour.

Amount – Number of clients (either absolute or in percent).

The Throttle interval is the time interval used for sending the notifications. For example, if the throttle interval is set to 1 hour, the data is collected in the background and you will get the notification every hour (as long as the outbreak still exists and the trigger is active).
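
How the client filter, log level, occurrence threshold and throttle interval interact can be seen in a small model. The following Python code is an added example, not ESET's code: the class and function names, the CIDR network standing in for the IPv4 mask filter, the threshold of 5 occurrences and the sample entries are assumptions constructed for illustration, and the throttle is modelled as a minimum gap between notifications.

```python
from collections import deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


class OutbreakRule:
    """Simplified model of an outbreak rule (assumed semantics, not ERA code)."""

    def __init__(self, network, log_level, occurrences, window, throttle):
        self.network = ip_network(network)  # stand-in for the IPv4 mask filter
        self.log_level = log_level          # level N also covers levels 1..N-1
        self.occurrences = occurrences      # e.g. 1000
        self.window = window                # e.g. 60 minutes
        self.throttle = throttle            # minimum gap between notifications
        self._hits = deque()                # timestamps of matching entries
        self._last_sent = None

    def feed(self, ts, client_ip, level):
        """Process one log entry (in time order); True if a notification goes out."""
        if ip_address(client_ip) not in self.network:
            return False                    # client filter: out of scope
        if level > self.log_level:
            return False                    # less severe than the rule monitors
        self._hits.append(ts)
        while self._hits and ts - self._hits[0] >= self.window:
            self._hits.popleft()            # drop entries older than the window
        if len(self._hits) < self.occurrences:
            return False                    # outbreak criteria not met
        if self._last_sent is not None and ts - self._last_sent < self.throttle:
            return False                    # outbreak persists, but throttled
        self._last_sent = ts
        return True


def simulate():
    """Constructed sample: 150 minutes of entries, one batch every 5 minutes."""
    rule = OutbreakRule("10.0.0.0/24", log_level=2, occurrences=5,
                        window=timedelta(minutes=60), throttle=timedelta(hours=1))
    start = datetime(2024, 1, 1, 9, 0)
    sent = []
    for minute in range(0, 151, 5):
        ts = start + timedelta(minutes=minute)
        batch = [("10.0.0.7", 1),      # in scope, critical: counts
                 ("10.0.0.9", 4),      # in scope, diagnostic: ignored at level 2
                 ("192.168.1.5", 1)]   # outside the client filter: ignored
        for ip, level in batch:
            if rule.feed(ts, ip, level):
                sent.append(minute)
    return sent
```

Calling simulate() returns the minute offsets at which a notification would be sent: the first as soon as the fifth matching entry arrives, then one per throttle interval while the outbreak persists.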