Reference Guide
Navigate the Dell Server
Check box - Select all events by selecting the check box in the column heading row, or select individual events. When you select a check box, Quarantine and Waive are activated.
Added - Date and time when the exploit attempt was added.
Process Name - Name of the process identified as an exploit attempt.
Process ID - Unique number associated with the exploit attempt.
Type - Type of memory exploit: Exploitation, Process Injection, Escalation.
Action - Action taken to protect the system from the exploit attempt:
    Ignore - The agent does not take any action against identified memory violations.
    Alert - The agent will record the violation and list the incident on this page.
    Block - If an application attempts to call a memory violation process, the agent will block the process call. The application that made the call is allowed to continue to run.
    Terminate - If an application attempts to call a memory violation process, the agent will block the process call and will also terminate the application that made the call.
User Name - Name of the user who was logged in when the exploit attempt was identified.
Endpoint Advanced Threat Events
The Advanced Threat Events tab displays if the Advanced Threat Prevention service is provisioned and Advanced Threat Prevention is enabled on the endpoint.
The tab displays information about events for the endpoint based on information available in the Dell Server.
To access the Enterprise Advanced Threats tab, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Search for or select a hostname, then click the Advanced Threat Events tab.
Use the following filters to select content to display on the Advanced Threat Events tab:
Type - Threat Found, Threat Blocked, Threat Terminated, Memory Violation Blocked, Memory Violation Terminated, Memory Violation (Detected), Threat Removed, Threat Quarantined, Threat Waived, Threat Changed, Protection Status Changed.
Severity - Severity level of the event: Critical, Major, Minor, Caution, or Informational.
Timeframe (in days) - 1, 7, 14, 30, 60, 90
Columns - Allows you to select the following additional columns to display:
    Hostname - The fully qualified name of the computer
    Data - Details about the event
    Created - Date and time that the event was captured
    Machine Name - Name of the computer on which the threat event was detected
    Path - Path to the file in which the threat was detected