Detection & Response correlates information from Worry-Free Business Security Services, Endpoint Sensor, Cloud App Security, and Active Directory to provide you with a single compiled list of all noteworthy security events affecting your customers. The tools provided allow you to analyze the timeline of each event, and investigate related objects, helping to determine the root cause. You can run Aggressive Scans and isolate endpoints, and take immediate action to block, quarantine, or delete objects you deem suspicious. Detection & Response assessment tasks allow you to search multiple customer networks for email and endpoint data containing related threat indicators.

Detection & Response Terminology

| Term | Description |
|---|---|
| Noteworthy Event | Worry-Free Services creates a Noteworthy Event when a threat detection correlates to one or more potentially suspicious objects. A Noteworthy Event contains information about the target endpoint, Analysis Chain, First Observed Object, and noteworthy objects. Remote Manager lists all of the Noteworthy Events that occurred during the last 60 days. For more information, see Noteworthy Events / Detection. |
| Noteworthy Object | An object that has been correlated to a known threat. Noteworthy Objects may or may not pose a risk to your environment. The Detection & Response feature allows you to investigate Noteworthy Objects. |
| Analysis Chain | A timeline containing the series of events leading up to a threat detection and all related objects. You can click objects in the timeline to display further information. For more information, see Analysis Chains. |
| Assessment | Search customer endpoint and email data for specified threat indicators. You can perform assessments on a per-customer and cross-customer basis. For more information, see Assessments. |