The Pending Tasks tab on the Managed Detection and Response screen displays investigation tasks submitted by the Threat Investigation Center that require manual administrator approval. You can view targets and commands for specific tasks, modify selected targets, and approve or reject selected tasks.
For more information about the Threat Investigation Center task commands that display on the Managed Detection and Response screen, see Threat Investigation Center Task Commands.
To view the status of Managed Detection and Response task commands, use the Command Tracking screen.
For more information, see Tracking Managed Detection and Response Task Commands.
Apex Central only retains investigation task information for 90 days after submission by the Threat Investigation Center.
By default, new investigation tasks that are not approved or rejected within 72 hours of receipt by Apex Central will automatically time out.
For more information about investigation task command statuses, see Threat Investigation Center Command Statuses.
The Managed Detection and Response screen appears.
A table appears and displays a list of investigation tasks with the following information:
| Column | Description |
|---|---|
| Task Description | The task name manually specified by the Threat Investigation Center administrator |
| Command | The task command to deploy to selected targets. For more information about the Threat Investigation Center task commands that display on the Managed Detection and Response screen, see Threat Investigation Center Task Commands. |
| Targets | The number of targets for the task |
| Expiration | The local time on the Apex Central server for when the task will expire. Important: By default, new investigation tasks that are not approved or rejected within 72 hours of receipt by Apex Central will automatically time out. For more information about investigation task command statuses, see Threat Investigation Center Command Statuses. |
A table appears and displays the following details:
| Column | Description |
|---|---|
| Endpoint | The name of the target endpoint |
| IP Address | The IP address of the target endpoint |
| User | The name of the user that last logged on to the target endpoint |
| Endpoint Sensor Service | The status of the Endpoint Sensor Service on the target endpoint. For more information, see Endpoint Sensor Service Statuses. Important: In order for Apex Central to deploy investigation tasks to a specified target, the Endpoint Sensor Service must be enabled on the target. |
Selecting a check box for a task selects all targets for that task.
In order for Apex Central to deploy investigation tasks to a specified target, the Endpoint Sensor Service must be enabled on the target.
Select check box(es) next to the target(s) that you want to include.
Clear check box(es) next to the target(s) that you want to exclude.
Approved tasks display on the Task Tracking tab.
For more information, see Tracking Investigation Tasks.
Selecting a check box for a task selects all targets for that task.
Select check box(es) next to the target(s) that you want to include.
Clear check box(es) next to the target(s) that you want to exclude.
Rejected tasks display on the Task Tracking tab.
For more information, see Tracking Investigation Tasks.