
Trellix bought McAfee and rebranded, but the services, application, registry keys, etc. have not yet changed. Often the pack fills in the gaps that the admin misses: for example, when application services crash or become non-responsive, or simply by adding the capability to summarize issues seen in a daily alert report.
Quick Download: https://github.com/theKevinJustin/TrellixAgentMonitoring
Did you know that System Event ID 7031 is logged for each application/service when its process has issues?
Trellix agent services have a monitor alert for System Event Log EventID 7031 events whose description names one of the agent services.
Second, my own spin on application monitoring starts with the mantra ‘smarter vs. harder’. Besides dynamic discovery based on a registry key, adding the Service MonitorType gives additional monitoring flexibility: Samples and Intervals decrease false positive alerts. Simply put – count logic – x failures in y time before alerting.
Third, the pack adds Trellix Agent rules, monitors, an on-demand report task, and recovery scripts to build out the ‘manual intervention required’ alert action mantra.
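The two ideas above (EventID 7031 with an agent service in the description, plus x-failures-in-y-time count logic) as an added PowerShell example, not code from the pack: the $ServicePattern regex, the Samples/IntervalMinutes defaults and the sample events are assumptions constructed for an offline run.

```powershell
# Added example (not part of the Trellix Agent pack): count-logic check over
# System log EventID 7031 entries whose description names an agent service.
function Test-ServiceCrashThreshold {
    param(
        [Parameter(Mandatory)] [object[]] $Events,   # objects with TimeCreated, Id, Message
        [string]   $ServicePattern = 'McAfee|Trellix', # assumption: adjust to your service names
        [int]      $Samples = 3,                       # x failures ...
        [int]      $IntervalMinutes = 30,              # ... within y minutes before alerting
        [datetime] $Now = (Get-Date)
    )
    $windowStart = $Now.AddMinutes(-$IntervalMinutes)
    # Keep only 7031 events inside the window that mention an agent service
    $hits = @($Events | Where-Object {
        $_.Id -eq 7031 -and
        $_.TimeCreated -ge $windowStart -and
        $_.Message -match $ServicePattern
    })
    # Pull the service name out of the standard 7031 text where possible
    $services = $hits | ForEach-Object {
        if ($_.Message -match '^The (.+?) service terminated') { $Matches[1] } else { $_.Message }
    } | Sort-Object -Unique
    [pscustomobject]@{
        Matches   = $hits.Count
        Threshold = $Samples
        Alert     = ($hits.Count -ge $Samples)   # true only when x failures fall inside y minutes
        Services  = $services
    }
}

# Constructed sample events (not real log data): one outside the window,
# one for an unrelated service, two agent-service crashes inside the window.
$t0 = Get-Date '2024-01-15 10:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(-50); Id = 7031; Message = 'The McAfee Agent Service service terminated unexpectedly. It has done this 1 time(s).' },
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(-20); Id = 7031; Message = 'The McAfee Agent Service service terminated unexpectedly. It has done this 2 time(s).' },
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(-10); Id = 7031; Message = 'The Print Spooler service terminated unexpectedly. It has done this 1 time(s).' },
    [pscustomobject]@{ TimeCreated = $t0.AddMinutes(-5);  Id = 7031; Message = 'The McAfee Agent Common Services service terminated unexpectedly. It has done this 1 time(s).' }
)
Test-ServiceCrashThreshold -Events $sample -Samples 2 -IntervalMinutes 30 -Now $t0

# Against a live host, feed real events instead of the constructed ones, e.g.:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7031; StartTime = (Get-Date).AddMinutes(-30) } -ErrorAction SilentlyContinue
# Test-ServiceCrashThreshold -Events $live -Samples 3 -IntervalMinutes 30
```

Raising Samples or shortening IntervalMinutes is the knob the text describes: a single restart no longer pages anyone, while repeated crashes within the window still do.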

Optional – Configure addendum for environment
Download and install the ‘Trellix Agent pack’ here
Open the saved XML in Notepad or Notepad++ (or your favorite XML editor)
Update the regular expression pattern line for the McAfee server group
Save the file and import > enjoy fewer alerts!
Documentation
Addendum download https://github.com/theKevinJustin/TrellixAgentMonitoring