
If you enable the Operations Behavior Anomaly Detection > Application Behavior function, applications found on the StellarProtect agent-device are added to its baseline and displayed on the Situational Awareness > Approved Applications page.

See the following table for more details about the Approved Applications page.

Table 1. About the Situational Awareness > Approved Applications Page

Item

Description

Baseline Toggle

Allows you to choose whether to include the approved application in the baseline. If you turn it off, running the corresponding application is treated as an unexpected change and relevant events are generated.

Application

Displays the product name of the approved application stored in the baseline.

Size

Displays the size of the approved application.

SHA-1

Displays the SHA-1 file hash value of the approved application.

SHA-256

Displays the SHA-256 file hash value of the approved application.

Path

Displays the file path to the approved application.

Version

Displays the version of the approved application when it was added to the baseline.

Added From

Displays the source from which the approved application was added:

  • Learn mode: the approved application was detected and added to the baseline during Operations Behavior Anomaly Detection "Learn" mode.

  • Event action: the approved application was added to the baseline manually by a StellarOne administrator from the agent events (by clicking the Add to Baseline action button). See Add to Baseline for more details.

    Note:
    • If the approved applications are added during the "Learn" mode, the agent learns not only the applications but also the relevant behaviors; different application behaviors may be detected as anomalies.

    • If the approved applications are added from the event action "Add to Baseline", the applications will be viewed as "exceptions" and associated behavior changes will be treated as acceptable.

Time Added

Displays the time when the approved applications were added to the baseline.

Note:

TXOne Networks recommends switching back to Operations Behavior Anomaly Detection Learn mode before running application updates.