After adding suspicious objects or properly formatted IOC files (STIX or OpenIOC) to Apex Central, you can perform an impact analysis on specific file, file SHA-1, IP address, or domain objects to determine whether the threat exists within your network. You can then take mitigation steps to prevent the threat from spreading to other endpoints.
For more information, see the following topics:
Adding OpenIOC Objects to the User-Defined Suspicious Object List
Adding STIX Objects to the User-Defined Suspicious Object List
Impact analysis requires a valid Apex One Endpoint Sensor license. Ensure that you have a valid license and that the Enable Sensor feature is enabled for the appropriate Apex One Security Agent or Apex One (Mac) policies.
For more information, see the Apex Central Widget and Policy Management Guide.
Endpoint isolation requires that you install Apex One Security Agents on the target endpoints.
The Custom Intelligence screen appears.
The User-Defined Suspicious Object list appears.
Apex Central does not support analyzing impact for URL objects.
Endpoint Sensor contacts agents and evaluates the agent logs for any detections of the suspicious objects.
Impact analysis times vary depending on your network environment.
The At Risk Endpoints list displays all endpoints and users still affected by the suspicious object.
For File detections, the Latest Action Result column displays the last action result reported from managed products.
For all other detection types, the Latest Action Result column displays "N/A".
The At Risk Recipients list displays all recipients still affected by the suspicious object.