"Critical importance" classification for device
Good morning, we have a premium EPP subscription and now we are testing EDR with a trial license.
Looking at Automated actions → Add rule it shows
Where do I assign or remove "critical importance" for a device?
If this is an automatic classification, where can I see how a device is classified for this rule?
I read the documentation fsedr-adminguide_eng.pdf and found instructions for "Changing the importance of monitored hosts", but it refers to functions/sections I can't find in my portal, and the classifications listed (server, technical device, non-technical, unknown) do not refer to the "critical importance" classification.
Thank you
Roberto
Best Answer
-
Hi @RobyFT
Another method: the Device view itself allows for displaying the EDR Device classification and also enables the modification of device importance.
The EDR device classification corresponds to the XDR profile of the device with the highest confidence score when receiving events from the XDR events queue. The importance is derived directly from the XDR events queue but can be manually adjusted if necessary.
Best regards,
Sethu
Community Moderator | Technical Support Engineer
WithSecure™
Answers
-
Hi @RobyFT
Thank you for reaching out to the WithSecure Community.
To manually change the importance of monitored hosts, follow these instructions:
1. Go to the Environment > Devices view of the customer organization that you want to edit.
2. In the View menu, select EDR status.
The EDR Device classification column shows how WithSecure Elements Endpoint Detection and Response has classified the host and the Device Importance column shows the importance you have assigned to the host.
3. Select the host that you want to edit by selecting its name.
4. Select Update importance.
5. Select the new status for the selected hosts from the pull-down menu.
6. Select Update.
Reference:
Best regards,
Sethu
Community Moderator | Technical Support Engineer
WithSecure™
-
Thanks for the info.
Anyway, this is OK for a device with "EPP+EDR computer"; I'm also testing "EPP+EDR server", and in this case I don't have the "EDR status" section. I still have the option to change importance, but can't see how it is currently classified. Is that info placed in another section? Or do all servers automatically have the "critical" classification? Thanks again.
Best regards Roberto
-
Thank you for the clarification, just what I need.
Roberto