Hello all, my brain is dead... and the Alert rules/Global exclusions are the last hurdle I need to jump before I can start putting this on my clients' workstations and servers.
Does anyone have a basic rules config that they use?
I'd like to monitor things like ID 2013 - disk is at or near capacity, ID 7 - bad block, ID 52 - disk failure, as well as others for CPU overheating, CPU operating at 100%, RAM at 100% or paging file usage, computer not shut down properly/unexpected shutdown, etc., but not monitor all. I only have dss on one machine right now and the emails are exhausting from that one PC. Ha.
Also, what security events do you look for? None of my clients are on domains; all are workgroups.
Last thing, I saw in a previous post where Nick mentioned that if you only enable heartbeat, you can minimize the flooding of emails you get, as the heartbeat includes the event IDs in your rules/exclusions, once a week? But it looks like now you can only schedule it daily. I'd like the option to have it on a weekly schedule, similar to the automated scheduled maintenance, where you can select weekly/monthly.
Thank you in advance!