To protect against attacks, Endpoint Sensor can monitor each endpoint for specific files through the use of monitoring rules. Monitoring rules follow the same IOC format used in investigations. Administrators can define and upload monitoring rules customized to their needs. Endpoint Sensor also comes with a preloaded IOC rule provided by Trend Micro, which updates automatically so that it covers the latest threats.
Once a monitored file is found, Endpoint Sensor can either collect the file in a specific location, or send the file to Deep Discovery Analyzer for further analysis.
For details, see Deep Discovery Analyzer Integration.
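As an added illustration (not Trend Micro code or documentation), the following Python script shows what a monitoring rule in the IOC format looks like and how such a rule is evaluated against file records to decide which files are flagged. It assumes that the "IOC format" is OpenIOC 1.0 (FileItem search terms combined by nested AND/OR Indicator nodes); the rule, the MD5 value and the file records are constructed for the example and correspond to nothing real.

```python
"""Added example (not Trend Micro code): a minimal OpenIOC 1.0 monitoring
rule and an evaluator that applies it to file records, to show how a
monitoring rule decides that a file should be collected.

Assumption: Endpoint Sensor's "IOC format" is OpenIOC 1.0 (FileItem search
terms inside nested AND/OR Indicator nodes). The rule, the MD5 value and the
file records below are constructed for the demo.
"""
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed MD5 placeholder; it is not the hash of any known sample.
BAD_MD5 = "0f1e2d3c4b5a69788796a5b4c3d2e1f0"

# Constructed rule: flag the hash above, OR an .exe whose name contains the
# look-alike string "svch0st" (a common masquerading trick).
SAMPLE_IOC = f"""<?xml version="1.0" encoding="utf-8"?>
<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="4d2c9e1a-0000-4000-8000-000000000001"
     last-modified="2024-01-01T00:00:00">
  <short_description>Demo monitoring rule</short_description>
  <authored_by>example</authored_by>
  <authored_date>2024-01-01T00:00:00</authored_date>
  <links/>
  <definition>
    <Indicator operator="OR" id="4d2c9e1a-0000-4000-8000-000000000002">
      <IndicatorItem id="4d2c9e1a-0000-4000-8000-000000000003" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">{BAD_MD5}</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="4d2c9e1a-0000-4000-8000-000000000004">
        <IndicatorItem id="4d2c9e1a-0000-4000-8000-000000000005" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svch0st</Content>
        </IndicatorItem>
        <IndicatorItem id="4d2c9e1a-0000-4000-8000-000000000006" condition="is">
          <Context document="FileItem" search="FileItem/FileExtension" type="mir"/>
          <Content type="string">exe</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Constructed file records, keyed by OpenIOC search term (what a scan of
# the endpoint would produce for each file).
SAMPLE_FILES = [
    {"FileItem/FullPath": r"C:\Windows\System32\svchost.exe",
     "FileItem/FileName": "svchost.exe", "FileItem/FileExtension": "exe",
     "FileItem/Md5sum": "11111111111111111111111111111111"},
    {"FileItem/FullPath": r"C:\Users\alice\AppData\Local\Temp\svch0st.exe",
     "FileItem/FileName": "svch0st.exe", "FileItem/FileExtension": "exe",
     "FileItem/Md5sum": "22222222222222222222222222222222"},
    {"FileItem/FullPath": r"C:\Users\alice\AppData\Local\Temp\update.tmp",
     "FileItem/FileName": "update.tmp", "FileItem/FileExtension": "tmp",
     "FileItem/Md5sum": BAD_MD5.upper()},
    {"FileItem/FullPath": r"C:\Users\alice\Downloads\svch0st.dll",
     "FileItem/FileName": "svch0st.dll", "FileItem/FileExtension": "dll",
     "FileItem/Md5sum": "33333333333333333333333333333333"},
]


def _item_matches(item, record):
    """Evaluate one IndicatorItem (term, condition, value) against a record."""
    term = item.find("ioc:Context", NS).get("search")
    expected = (item.find("ioc:Content", NS).text or "").strip().lower()
    actual = record.get(term)
    if actual is None:          # term absent from the record: cannot match
        return False
    actual = actual.lower()     # file names and hashes compare case-insensitively
    cond = item.get("condition")
    if cond == "is":
        return actual == expected
    if cond == "contains":
        return expected in actual
    raise ValueError(f"unsupported OpenIOC condition: {cond}")


def _indicator_matches(node, record):
    """Combine child results with the node's AND/OR operator (recursive)."""
    results = []
    for child in node:
        tag = child.tag.split("}")[-1]          # strip the namespace
        if tag == "IndicatorItem":
            results.append(_item_matches(child, record))
        elif tag == "Indicator":
            results.append(_indicator_matches(child, record))
    if not results:
        return False                            # an empty Indicator never fires
    is_and = node.get("operator", "OR").upper() == "AND"
    return all(results) if is_and else any(results)


def rule_matches(ioc_xml, record):
    """True if any top-level Indicator in the rule's definition matches."""
    root = ET.fromstring(ioc_xml)
    definition = root.find("ioc:definition", NS)
    return any(_indicator_matches(ind, record)
               for ind in definition.findall("ioc:Indicator", NS))


def find_monitored_files(ioc_xml, records):
    """Return the full paths of records the rule flags (the files that would
    then be collected or submitted for analysis)."""
    return [r["FileItem/FullPath"] for r in records if rule_matches(ioc_xml, r)]


if __name__ == "__main__":
    for path in find_monitored_files(SAMPLE_IOC, SAMPLE_FILES):
        print("monitored file matched:", path)
```

Run as-is, the script flags the renamed `svch0st.exe` in the Temp folder (name AND extension) and `update.tmp` (hash), but neither the legitimate `svchost.exe` nor `svch0st.dll`, since the AND branch requires both the name and the `exe` extension. Conditions other than `is` and `contains` are rejected rather than silently treated as non-matching, so a rule that uses an unsupported condition fails loudly at evaluation time instead of producing a quiet false negative.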
The Monitoring menu contains the following options to configure the monitoring behavior:
Monitoring Settings: Use this screen to manage monitoring rules. Monitoring rules use the IOC format.
Submitted for Analysis: Use this screen to view the analysis results of files sent to Deep Discovery Analyzer.
Monitoring Log: Use this screen to view all collected files.
Monitoring is disabled by default. To start monitoring, go to Monitoring > Monitoring Settings and perform the following steps: