Hello,
In your case, for Client security alert and Risk outbreak, specifies the type and extent of the outbreak that should trigger this notification.
The outbreak type that you select results in the following information:
- Occurrences on any computer - The number of security events or risks that are found in the number of minutes that you set.
Risk Severity: Specifies the severity category of risk that should trigger this notification.
This option applies only to New risk detected, Risk outbreak, and Single risk event.
You can select one of the following:
- All
- Category 5 (Very Severe)
- Category 4 (Severe) and above
- Category 3 (Moderate) and above
- Category 2 (Low) and above
- Category 1 (Very Low) and above
- Unknown - Unknown risks are the risks that Symantec Security Response has not rated.
Scan Type: Specifies the type of scan that should trigger this notification.
This option applies only to New risk detected, Risk outbreak, and Single risk event.
You can select one of the following:
- All
- Scheduled scan
- Manual scan
- Auto-Protect scan
- SONAR
- Console
- Definition download
- System
- Startup scan
- Idle scan
- Manual quarantine
Action taken: Specifies the configured action that you want to trigger this notification. This option applies only to New risk detected, Risk outbreak, and Single risk event.
Notification Condition: For Authentication failure, Risk outbreak, and Client security alert notifications, specifies the number of events that must occur within this number of minutes to trigger a notification.
For a Virus definitions out-of-date notification, specifies that the following conditions trigger a notification:
- The number of days that definitions must be out-of-date.
- The number of computers that must have virus definitions that are older than this value.
Damper: Specifies the length of the damper period, in minutes or hours, that you want to use for this notification.
Some logs use a damper period for event aggregation. Events are held on the clients for the damper period before they are aggregated into a single event and then uploaded to the console. The damper period helps to reduce events to a manageable number.
The default damper setting is Auto (automatic). If a notification is triggered and the trigger condition continues to exist, the notification action that you configured is not performed again for 60 minutes. For example, suppose you configure a notification to alert you when a virus infects five computers within one hour. If a virus continues to infect your computers at or above this rate, you receive notifications every hour. The notifications continue until the rate slows to fewer than five computers per hour.
Hope that helps!!
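
Added example, not part of the reply above and not Symantec's code: a simplified Python model of the notification condition and damper described in the post, run over constructed infection events. The function name, host names and timestamps are assumptions, and the damper is fixed at the 60 minutes the post gives for the Auto setting.

```python
from datetime import datetime, timedelta

def notification_times(events, threshold=5,
                       window=timedelta(hours=1),
                       damper=timedelta(minutes=60)):
    """Return the times at which a notification would fire.

    events: (timestamp, computer) tuples sorted by timestamp.
    Condition: at least `threshold` distinct computers within `window`.
    Damper: after firing, stay silent until `damper` has elapsed.
    """
    fired, recent, last_fired = [], [], None
    for ts, computer in events:
        recent.append((ts, computer))
        # Keep only events that still fall inside the sliding window.
        recent = [(t, c) for t, c in recent if ts - t < window]
        infected = {c for _, c in recent}
        damped = last_fired is not None and ts - last_fired < damper
        if len(infected) >= threshold and not damped:
            fired.append(ts)
            last_fired = ts
    return fired

def sample_events():
    """Constructed data: one new infected host every 10 minutes for
    three hours, then the rate drops to one host per hour."""
    start = datetime(2024, 1, 1, 9, 0)
    events = [(start + timedelta(minutes=10 * i), f"host-{i:02d}")
              for i in range(19)]
    events.append((start + timedelta(minutes=240), "host-19"))
    events.append((start + timedelta(minutes=300), "host-20"))
    return events

if __name__ == "__main__":
    for ts in notification_times(sample_events()):
        print("notify at", ts.strftime("%H:%M"))
```

While the outbreak stays at or above five computers per hour the model notifies once per hour, and it stops once the rate falls below the threshold.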