Prevention Status

The Prevention status page provides a summary of pending prevention actions to be taken, actions that are currently active and historical actions that have already been taken over a specific time period.

To view the Prevention status page, access the Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response) Administrator Portal and click Prevention Center > Prevention status. The page shows the prevention status for the last 30 days.

Pending User Actions

The Pending user actions widget shows the recommended prevention actions from all incidents in your account that require user action. The actions are categorized by their type (for example, Enable IoC in IoC management or Reset password).

To view the details of a pending action, click the relevant action type. The table that appears below the widget shows the statistics and details of the selected action.

The example below shows the table displayed when you select the action Enable IoC in IoC management.

Statistics

The Statistics tab shows the number of recommended actions created in a specific time period. You can select the time period from the list at the top. By default, the system shows the statistics for the previous month.

Details Table

The Details table shows the details of the pending action, one row per recommendation:

Date Recommended: Date and time when Infinity XDR/XPR recommended the prevention action.

Expiration date: Date and time when the prevention action expires.

Type: Type of the prevention action.

Action: Description of the prevention action.

Value: Indicator value (a malicious artifact such as a domain, URL, IP address, or file), machine name, or file name, depending on the action type.

Incident: Link to the related incident (a correlation of one or more insights, possibly generated by several products, into a security incident potentially impacting your environment). Click it to view the incident details.
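The Details table above is the list an analyst works from, so it is worth being able to triage it outside the portal. The following Python is an added example, not code from Check Point or from the Infinity XDR/XPR product: it models rows with the six columns the table describes, groups them by action type the way the Pending user actions widget does, and flags recommendations that will expire within a review window. The row data, the timestamp format, the action-type names other than "Enable IoC in IoC management" and "Reset password", and the incident identifiers are all constructed assumptions for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class PendingAction:
    """One row of the pending-actions Details table (columns as the page lists them)."""
    date_recommended: datetime
    expiration_date: datetime
    action_type: str   # e.g. "Enable IoC in IoC management", "Reset password"
    action: str        # free-text description of the recommended action
    value: str         # indicator value, machine name or file name
    incident: str      # reference to the related incident


def parse_ts(text: str) -> datetime:
    """Assumed timestamp format: ISO 8601 in UTC. A real export may use another format."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


# Constructed sample rows; "Isolate machine" is an assumed action type, not one the page names.
SAMPLE = [
    PendingAction(parse_ts("2024-05-01T09:15:00"), parse_ts("2024-05-31T09:15:00"),
                  "Enable IoC in IoC management", "Block indicator", "203.0.113.10", "incident-0001"),
    PendingAction(parse_ts("2024-05-03T11:40:00"), parse_ts("2024-06-02T11:40:00"),
                  "Enable IoC in IoC management", "Block indicator", "malware.example", "incident-0001"),
    PendingAction(parse_ts("2024-05-10T08:00:00"), parse_ts("2024-05-24T08:00:00"),
                  "Reset password", "Reset user password", "jdoe", "incident-0002"),
    PendingAction(parse_ts("2024-04-01T16:30:00"), parse_ts("2024-05-01T16:30:00"),
                  "Isolate machine", "Isolate endpoint from network", "WS-FIN-07", "incident-0002"),
    PendingAction(parse_ts("2024-05-12T13:05:00"), parse_ts("2024-06-11T13:05:00"),
                  "Reset password", "Reset user password", "asmith", "incident-0003"),
]

# Fixed "current time" so the example is reproducible offline.
NOW = parse_ts("2024-05-20T00:00:00")


def pending_by_type(rows, now=NOW):
    """Per-type counts of still-open recommendations, as the widget breaks them down."""
    return Counter(r.action_type for r in rows if r.expiration_date >= now)


def already_expired(rows, now=NOW):
    """Recommendations that lapsed before anyone acted on them, oldest first."""
    lapsed = [r for r in rows if r.expiration_date < now]
    return sorted(lapsed, key=lambda r: r.expiration_date)


def expiring_within(rows, now=NOW, days=7):
    """Open recommendations whose expiration falls inside the review window,
    soonest first, so they can be reviewed before they lapse."""
    deadline = now + timedelta(days=days)
    soon = [r for r in rows if now <= r.expiration_date <= deadline]
    return sorted(soon, key=lambda r: r.expiration_date)


def by_incident(rows):
    """Group rows by incident: one incident often carries several recommendations."""
    groups = defaultdict(list)
    for r in rows:
        groups[r.incident].append(r)
    return dict(groups)


if __name__ == "__main__":
    for action_type, count in pending_by_type(SAMPLE).items():
        print(f"{count:3d}  {action_type}")
    for r in expiring_within(SAMPLE, days=7):
        print(f"expires {r.expiration_date:%Y-%m-%d}: {r.action_type} on {r.value} ({r.incident})")
    for r in already_expired(SAMPLE):
        print(f"lapsed  {r.expiration_date:%Y-%m-%d}: {r.action_type} on {r.value} ({r.incident})")
```

Run as a script it prints the per-type counts and the rows that need attention; the lapsed list is the one to watch, because a recommendation that expires unreviewed leaves the related incident without the prevention step Infinity XDR/XPR proposed.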

Status

The Status widget shows the number of prevention actions taken that are currently active, categorized by action type. In the example below, the system has 14 IoCs currently enabled in IoC Management.

To view the details of an action, click the widget corresponding to the relevant action type (for example, IoCs enabled in IoC Management). The table that appears at the bottom shows the statistics and details of the selected action.

To view the details of the selected action, click the Details table tab.

Prevention Actions Taken

The Prevention actions taken widget shows the total number of prevention actions taken, including active ones, those that were deactivated by the user before they expired, and the expired ones.

To view the action details, click View Details. The Prevention actions taken table that appears below the widget provides information about all active and expired prevention actions.

The Prevention actions taken table shows, for each action:

Date: Date and time when the prevention action was taken.

User: User who performed the action.

Action: Prevention action taken.

Mode: Mode of performing the prevention action:

  • Automatic - Performed automatically by Infinity XDR/XPR. See Automations.

  • Manual - Performed manually by the user.

Value: Indicator value, machine name, or file name, depending on the action type.

Source: Link to the related incident. Click it to view the incident details.

Attacks Prevented by XDR/XPR

The Attacks prevented by XDR/XPR widget shows the number of attacks blocked on different integrated products by performing the actions recommended by Infinity XDR/XPR. The widget categorizes the prevention actions by their type.

For example, Harmony Endpoint blocks an attack involving an indicator that was enabled based on a recommended action in Infinity XDR/XPR.

To view the attack details, click View Details. The Attacks prevented by XDR/XPR table that appears below the widget provides information about all the prevented attacks.

The Attacks prevented by XDR/XPR table shows, for each prevented attack:

Time: Date and time when the attack was prevented.

Action Type: Type of the prevention action taken.

Action Details: Indicator value, machine name, or file name, depending on the action type.

Data Source: Product that blocked the attack.

Incident: Link to the related incident. Click it to view the incident details.