Triggering an IoC scan when logs are generated in a rule

You can configure SES Evolution rules to automatically launch an IoC scan on an agent every time the rule is applied, i.e., every time a log is generated for that rule. This applies to the following rule types: Threats, Application, ACL resources and Networks.

WARNING
IoC scans triggered when logs are generated have a greater impact on the performance of agents than scheduled scans or scans on demand.

For more information on possible actions when logs are generated, refer to the section Configuring actions triggered by rules.