Automatic Threat Analysis Settings

Define the automatic threat analysis settings in the Triggers and Automatic Response Action.

The automatic options are:

You can edit the selections manually to define when these processes occur.

The confidence level is how sure Endpoint Security is that a file is malicious. High confidence means that it is almost certain that a file is malicious. Medium confidence means that it is very likely that a file is malicious.

To edit at a granular level which types of events trigger a Forensics response:

  1. In a SandBlast Agent Forensics and Remediation rule, right-click the Automatic Threat Analysis Action and select Edit Shared Action.
  2. Click Override confidence level per specific event.

You can override the settings of the rule for up to five different events.

The Triggers include:

Configuring Network Blades for Forensics Triggers and Remediation

To make triggers and remediation work for events detected by Network Threat Prevention components, you must configure gateway policy for the Threat Prevention components: Anti-Bot, Anti-Virus, and Threat Emulation.

Each component must be enabled and have Protection settings of Prevent or Ask, which include UserCheck.

Best practice is to use the Threat Prevention Recommended Profile (default) that includes all required settings.