StellarProtect provides Operations Behavior Anomaly Detection to protect endpoints from fileless attacks, that is, attacks that abuse legitimate, already-installed programs instead of dropping a malicious file on disk.

Navigate to the target agent or group, and then open its Policy page. For instructions on how to reach the Policy page, see Go to the Policy Screen.

Scroll down and find the Operations Behavior Anomaly Detection pane.

Operations Behavior Anomaly Detection has four modes:
  • Learn: In this mode, StellarProtect monitors unrecognized program calls and adds them to the approved operations, so the agent continuously learns the OT-related program call behaviors of the endpoint. Because every unrecognized call observed during learning is approved, use this mode only on an endpoint that is known to be clean, and run it for a period that covers the endpoint's normal operations before switching to Detect or Enforce.

  • Detect: In this mode, StellarProtect monitors unrecognized program calls and logs them for later analysis. Nothing is blocked, so this mode is suitable for validating the learned baseline before enforcement.

  • Enforce: In this mode, StellarProtect monitors unrecognized program calls and blocks them to secure the endpoint. Calls that were not learned or approved are prevented from running, so confirm in Detect mode that legitimate operations are not being flagged before enabling it.

  • Disable: In this mode, Operations Behavior Anomaly Detection is turned off and the endpoint has no protection against fileless attacks.

Note:
  • In Detect or Enforce mode, an additional option, Aggressive Mode, is available for stronger threat protection. See Aggressive Mode for details.

  • You can manually add commonly-abused applications that are used in operations and processes to the Watchlist to strengthen security monitoring of those applications. See Watchlist for details.