The criticality of a detection is partly based on the importance of the affected hosts.
F-Secure Elements Endpoint Detection and Response classifies hosts into the following groups automatically based on processes running on them:
- Domain Controller
- Exchange Server
- Sys Admin
- Unknown (not enough data to determine the profile)
The incident risk score increases when an attack targets a host that has been classified as a server (server, domain controller or exchange server).
To manually change the importance of monitored hosts, follow these instructions:
- Go to the Devices view of the customer organization that you want to edit.
The Profile column shows how F-Secure Elements Endpoint Detection and Response has classified the host.
- Select hosts that you want to edit by selecting the appropriate checkboxes.
- Select Update importance.
- Select the new status for the selected hosts from the pull-down menu.
- Select Update.