Reference Guide

Manage Policies
Escalation: LSASS Read Terminate
Escalation: Zero Allocate Terminate
Watch for New Files Selected
Advanced Threat Events tab fields and filters
The Advanced Threat Events tab displays information about events for the entire enterprise based on
information available in the Dell Server.
The tab displays if the Advanced Threat Prevention service is provisioned and licenses are available.
To access the Enterprise Advanced Threats tab, follow these steps:
1. In the left pane, click Populations > Enterprise.
2. Select the Advanced Threat Events tab.
Use the following filters to select content to display on the Advanced Threat Events tab:
Type - Threat Found, Threat Blocked, Threat Terminated, Memory Violation Blocked, Memory Violation
Terminated, Memory Violation (Detected), Threat Removed, Threat Quarantined, Threat Waived, Threat
Changed, Protection Status Changed.
Severity - Severity level of the event: Critical, Major, Minor, Warning, or Informational.
Timeframe (in days) - 1, 7, 14, 30, 60, 90
Columns - Allows you to select the following additional columns to display:
Host Name - The fully qualified name of the computer
Data - Details about the event
Created - Date and time that the event was captured
Machine Name - Name of the computer on which the threat event was detected
Path - Path to the file in which the threat was detected
Sha256 - The file's 256-character Secure Hash Algorithm value, which can be compared with an expected
result to indicate whether the file has been tampered with.
Score - The threat file's score, indicating the confidence level that the file is malware. The higher the
number, the greater the confidence.
Manage Enterprise Advanced Threats - Protection
The Protection tab provides information about files and scripts that are potentially harmful.
Threats
The table lists all events found across the organization. An event may also be a threat but is not necessarily
so.
View additional information about a specific threat either by clicking on the threat name link to view details
displayed on a new page or by clicking anywhere in the row of the threat to view details at the bottom of
the page.
To view additional threat information in the table, click the drop-down arrow on a column header to select
and add columns. Columns display metadata about the file, such as Classifications, Cylance Score