You can schedule daily, weekly, and monthly reports that contain information about the status of the service and connected devices. You can download reports as pdf files from the portal when they are ready. To create a new report: Log in to the portal with your email address and password. The Home view opens. Select the Reports tab. The Reports view […]
When you elevate the incident, the service alerts F-Secure analysts. Analysts will have access to the incident data to help them to solve the case. You need a valid subscription and unused elevate tokens to be able to elevate incidents. Note: Elevating incidents is available for Partner-level administrators only. To elevate the incident to F-Secure: Log […]
Some detections may require deeper analysis and guidance by specialized cyber security experts. If you cannot resolve an incident after your analysis, you can elevate the incident to F-Secure for help in resolving the broad context detection and instructions how to respond to it. You can elevate an incident to F-Secure when you need help […]
You can save your searches so that you can easily access them later without having to create same filtering rules again. To save your current filtering rules: On the Event Search tab, create a search filtering rule as described. Select the View field. The View dialog shows all filter views that you have created. Select the saved view from the list […]
The Event Search view shows the endpoint event data based on the currently selected filtering rules. Note: To change columns that are visible in the Event Search view, use either the Visible columns menu or open event details and then select to add the new column to the table. To search for events: Select the Event Search tab. The Event Search view shows you a […]
With Event Search, you can view the endpoint event data that sensors have collected. With this data, you can search for signs of threats or find more context for the incident that you are investigating already. Event Search is designed for advanced incident investigation. It allows you to filter and search for events based on […]
After you have analyzed and solved a broad context detection and after the incident is over, you can release isolated hosts back to the network. To release a host from the isolation: Select the Devices tab. Select the host that you want to release from the isolation. Select Release host and confirm the release. The selected host is released […]
You can isolate one or more devices from the network. To isolate a single host from the network: Select the Devices tab. Select the device that you want to isolate from the network. Select Isolate device and confirm the isolation. The selected device is isolated from the network. Source : Official F-Secure Brand Editor by : BEST Antivirus KBS […]
After analyzing a broad context detection, you may want to isolate hosts from the network connections to avoid further harm to the environment. In order to isolate hosts, you must configure Windows group policies to allow F-Secure to control Windows Firewall. Note: Using the portal to isolate hosts works only with PSB + F-Secure Elements EDR […]
The criticality of a detection is partly based on the importance of the affected hosts. F-Secure Elements Endpoint Detection and Response classifies hosts into the following groups automatically based on processes running on them: Server Domain Controller Exchange Server Non-technical Sys Admin Developer Unknown (not enough data to determine the profile) The incident risk score […]