Views:
Advanced endpoint assessments have nine available criteria types and a data period of up to the past 30 days.

Procedure

  1. Click Detection & ResponseAssessments.
  2. Expand Create Assessment, and select Advanced and Endpoints.
  3. To manually define criteria, select User-defined.
    For OpenIOC criteria, see Creating an Advanced Endpoint Assessment with OpenIOC Criteria.
  4. Enter a task name or use the generated task name.
  5. (Optional) Click Saved Criteria, select a criteria set from the list, and click Apply Criteria.
    Note
    Note
    Applying saved criteria overwrites any criteria already specified.
  6. Configure up to ten assessment criteria.
    You can use the criteria types listed in the table below.

    Advanced Assessment Available Criteria Types

    Category
    Criteria Type
    Endpoint criteria
    FQDN/IP address/Hostname
    User name
    File name
    File hash value
    File directory
    Registry criteria
    Registry key
    Registry value name
    Registry value data
    Others
    CLI command
  7. Select the data period
    • Last 24 hours
    • Last 7 days
    • Last 30 days (default)
  8. Click Select Customers, then choose the customers to include in the assessment.
    Only customers with EDR or XDR licenses are available for selection.
  9. (Optional) Click criteria-save-icon.jpg to save your criteria.
  10. Click Assess Impact.
You can monitor the status of the assessment task in AdministrationAdministration logs.