You can populate criteria for advanced endpoint assessments using OpenIOC files.
Advanced endpoint assessments using OpenIOC files have a data period of up to the
past 30 days.
NoteYou must configure and upload OpenIOC files to Remote Manager.
For a list of supported OpenIOC indicator types, see Supported OpenIOC Indicators for Advanced
Endpoint Assessments.
|
Procedure
- Click .
- Expand Create Assessment, and select Advanced and Endpoints.
- To use OpenIOC criteria, select OpenIOC file.For user-defined criteria, see Creating an Advanced Endpoint Assessment with User-defined Criteria.
- To upload a new OpenIOC file:
- Click Upload OpenIOC File.
- Locate the OpenIOC file.
- Click Open.
- To use a previously uploaded OpenIOC file:
- Click Use Existing OpenIOC File.
- Select the OpenIOC file from the list.
- Click Apply.
- Review the preview of the OpenIOC definitions.Definitions containing unsupported indicators are crossed out and omitted from the assessment.
- Enter a task name or use the generated task name.
- Select the data period.
-
Last 24 hours
-
Last 7 days
-
Last 30 days (default)
-
- Click Select Customers, then choose the customers to
include in the assessment.Only customers with EDR or XDR licenses are available for selection.
- Click Assess Impact.
You can monitor the status of the assessment task in
.