Manualshelf

Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian
101102103104105106107108109110
Navigate the Dell Server
88
User Name - Name of the user who was logged in when the exploit attempt was identified.
Endpoint Advanced Threat Events
The Advanced Threat Events tab displays if the Advanced Threat Prevention service is provisioned and
Advanced Threat Prevention is enabled on the endpoint.
The tab displays information about events for the endpoint based on information available in the Dell
Server.
To access the Enterprise Advanced Threats tab, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Search or select a hostname, then the Advanced Threat Events tab.
Use the following filters to select content to display on the Advanced Threat Events tab:
Type - Threat Found, Threat Blocked, Threat Terminated, Memory Violation Blocked, Memory Violation
Terminated, Memory Violation (Detected), Threat Removed, Threat Quarantined, Threat Waived, Threat
Changed, Protection Status Changed.
Severity - Severity level of the event: Critical, Major, Minor, Caution, or Informational.
Timeframe (in days) - 1, 7, 14, 30, 60, 90
Columns - Allows you to select the following additional columns to display:
Hostname - The fully qualified name of the computer
Data - Details about the event
Created - Date and time that the event was captured
Machine Name - Name of the computer on which the threat event was detected
Path - Path to the file in which the threat was detected
Sha256 - The file's 256-character Secure Hash Algorithm can be compared with an expected result to
indicate whether the file has been tampered with.
Score - The threat file's score, indicating the confidence level that the file is malware. The higher the
number, the greater the confidence.
Server Encryption Clients
Suspend an Encrypted Server
When you suspend an encrypted server, you suspend the user associated with the encryption client
rather than an individual user who logs on to the endpoint.
To suspend a Server Encryption client:
1. In the left pane, click Populations > Users.
2. In Search, enter SERVER-USER and click the
.
3. Click the user name of the appropriate user.
4. On the User Detail page, click the Endpoints tab.