CREATE/MODIFY AT PROFILE LEVEL
-
On the Host Monitoring page, expand the profile and click Edit Allowlist
-
All processes are listed along with their Threat Intelligence, Path, Allowlisted libraries (if any), Source (Scan or Incident), Library Monitoring (Enabled/Disabled) and Allowlist (or not)
-
The “Not allowlisted” icon is displayed below
-
The list displays Process Threat Intelligence. A mouse-over will display the details
-
A click on the process provides more information about it
-
The below table represents the different status values of process and/or library threat intelligence along with their descriptions
SL NO
Threat Intelligence Status
Color
Description
1
Safe
Green
If the process or all the libraries are verified and are safe
2
Threat
Yellow
If the process or at least one library is marked as a potential threat
3
Unverified
Grey
If the process or at least one library is not verified
4
NA (only for Library)
NA
When there are no libraries associated with the process
Table - Threat Intelligence Status
CONTINUED...