CREATE/MODIFY AT PROFILE LEVEL
- On the Host Monitoring page, expand the profile and click Edit Allowlist.
- All processes are listed along with their Threat Intelligence, Path, Allowlisted libraries (if any), Source (Scan or Incident), Library Monitoring (Enabled/Disabled) and Allowlist status (allowlisted or not).
- The “Not allowlisted” icon is displayed below.
- The list displays Process Threat Intelligence. A mouse-over will display the details.
- Clicking a process provides more information about it.
The table below lists the status values of process and/or library threat intelligence along with their descriptions.

| Sl. No. | Threat Intelligence Status | Color | Description |
|---|---|---|---|
| 1 | Safe | Green | If the executables are verified by the configured Threat Intelligence Service and are safe |
| 2 | Threat | Yellow | If the executable is marked as a potential threat |
| 3 | Unverified | Grey | If Threat Intelligence Service is not configured |
| 4 | Unknown | NA | If the reputation of the executable is not available with the configured Threat Intelligence Service |

Table - Threat Intelligence Status