In the Host Intrusion Prevention environment, when events occur they are delivered to the ePolicy Orchestrator server. Notification rules are associated with the group or site that contains the affected systems, and are applied to the events. If the conditions of a rule are met, a notification message is sent, or an external command is run, as specified by the rule.
You can configure independent rules at different levels of the Directory. You can also configure when notification messages are sent by setting thresholds that are based on aggregation and throttling.
ePolicy Orchestrator provides default rules that you can enable for immediate use. Before enabling any of the default rules: