Procedure

1. Go to Response → Managed Detection and Response.
   The Managed Detection and Response screen appears.
2. Click the Pending Tasks tab.
   A table appears and displays a list of investigation tasks with the following information:

   Column	Description
   Task Description	The task name manually specified by the Threat Investigation Center administrator
   Command	The task command to deploy to selected targets For more information about the Threat Investigation Center task commands that display on the Managed Detection and Response screen, see Threat Investigation Center Task Commands.
   Targets	The number of targets for the task
   Expiration	The local time on the Apex Central server for when the task will expire Important By default, new investigation tasks that are not approved or rejected within 72 hours of receipt by Apex Central will automatically time out. For more information about investigation task command statuses, see Threat Investigation Center Command Statuses.

3. To view targets for a pending task, click the right arrow icon () next to the Task Description field.
   A table appears and displays the following details:

   Column	Description
   Endpoint	The name of the target endpoint
   IP Address	The IP address of the target endpoint
   User	The name of the user that last logged on to the target endpoint
   Endpoint Sensor Service	The status of the Endpoint Sensor Service on the target endpoint For more information, see Endpoint Sensor Service Statuses. Important In order for Apex Central to deploy investigation tasks to a specified target, the Endpoint Sensor Service must be enabled on the target.

4. To approve pending investigation tasks:
   1. Select the check box next to the name of each task that you want to approve.

      Note Selecting a check box for a task selects all targets for that task.

   2. Click the right arrow icon next to a task name to modify selected targets for the task.

      Important In order for Apex Central to deploy investigation tasks to a specified target, the Endpoint Sensor Service must be enabled on the target.

      • Select check box(es) next to the target(s) that you want to include.
      • Clear check box(es) next to the target(s) that you want to exclude.
   3. Repeat the previous steps for each pending task.
   4. Click Approve.
      Approved tasks display on the Task Tracking tab.

      For more information, see Tracking Investigation Tasks.
5. To reject pending investigation tasks:
   1. Select the check box next to the name of each task that you want to reject.

      Note Selecting a check box for a task selects all targets for that task.

   2. Click the right arrow icon next to a task name to modify selected targets for the task.
      • Select check box(es) next to the target(s) that you want to include.
      • Clear check box(es) next to the target(s) that you want to exclude.
   3. Repeat the previous steps for each pending task.
   4. Click Reject.
      Rejected tasks display on the Task Tracking tab.

      For more information, see Tracking Investigation Tasks.