<< PREVIOUS  NEXT >>

 

CREATE/MODIFY AT PROFILE LEVEL
  1. On the Host Monitoring page, expand the profile and click Edit Allowlist

    Picture 1073742194

  2. All processes are listed along with their Threat Intelligence, Path, Allowlisted libraries (if any), Source (Scan or Incident), Library Monitoring (Enabled/Disabled) and Allowlist (or not)

  3. The “Not allowlisted” icon is displayed below

     

    Picture 1073742219

     

  4. The list displays Process Threat Intelligence. A mouse-over will display the details

     

    Picture 1073742221

     

  5. A click on the process provides more information about it

    Picture 1073742222

  6. The below table represents the different status values of process and/or library threat intelligence along with their descriptions

     

    SL NO

    Threat Intelligence Status

    Color

    Description

    1

    Safe

    Green

    If the executables are verified by the configured Threat Intelligence Service and are safe

    2

    Threat

    Yellow

    If the executable is marked as a potential threat

    3

    Unverified

    Grey

    If Threat Intelligence Service is not configured

    4

    Unknown

    NA

    If the reputation of the executable is not available with the configured Threat Intelligence Service

    Table - Threat Intelligence Status

 

CONTINUED...

 

<< PREVIOUS  NEXT >>