Alert forwarding in F-Secure Client Security

timothee
timothee W/ Alumni Posts: 4 Security Scout

Hello,

I'm trying to configure Alert Forwarding for my client to forward all the logs to the Event Viewer, but I saw, in my PM, that this setting applies only to version 13.X and earlier.
In the F-Secure Linux Security web UI, I know that it's possible to configure Alert Forwarding, but in F-Secure Client Security (Windows) it isn't possible.

Do you know how I can configure it? In configuration files or in the registry, for example?

Thanks in advance!

Timothée

Comments

  • ravi12
    ravi12 W/ Alumni Posts: 57 Security Scout

    Hi,

    Can you tell which version of Client Security you are using?

    In CS14.02 all settings are to be done in standard view only, and you can select Event Viewer in the alert sending tab in standard view only. You can configure which types of alerts you want to send to Event Viewer, such as security, error, etc.

  • timothee
    timothee W/ Alumni Posts: 4 Security Scout

    Hi,

    Thank you for your answer.

    I'm using fscs-14.01 generated by fspm-14.01.
    As you said, I tested with fscs-14.02, but it's the same result.

    I checked all alert types in the table but they aren't forwarded to the Event Viewer on the client.

    As you can see in the picture, it is for "13.X hosts only", so whether it is for fscs-14.01 or fscs-14.02 I think it's the same problem.

    Maybe there is a way to configure that directly on the client?

     

    Capture.PNG

    Thanks

    Timothée

  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master
    In V14 environments e-mail alerting is ONLY done by PMS. You can select to forward alerts from servers or from servers and hosts.
  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Dear Matthias,

     

    > You can select to forward alerts from servers or from servers and hosts.

     

    I think the phraseology chosen by F-Secure Corp. isn't very clear here. By "servers" do they mean "computers with server OS" or Policy Manager Servers? By saying "hosts" do they actually mean "endpoints"?

     

    (I feel the newly revamped Standard View in Policy Manager may be cuter, but the Advanced View with its collapsible hierarchies and rigidly formatted tables was a more logical system.)

     

    Best Regards: Tamas Feher, Hungary.

  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master
    You are right,
    "Only Server alerts" is PMS only
    "Host and server alerts" is PMS and all managed systems.
    The severity can be chosen from the field below that.

    Alerts, severity and forwards cannot be configured on a per-host basis. This should be configured on the Mailer with filters.
  • Koskenvoima
    Koskenvoima W/ Alumni Posts: 1 Security Scout

    Are you serious? This was not included in the release notes of Policy Manager / Client Security 14.

     

    How are we supposed to handle email alerts in a multi-tenant environment, where alerts from various Policy Domains should be directed to different contacts? Do we need to set up a third-party solution or create separate e-mail forwarding policies for every single client on some other platform?

     

    This seems like a major feature degradation that was not disclosed by F-Secure at all.

  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master

    @Vad please forward to product management ASAP.

This discussion has been closed.