Detections

This tab provides the same options as the main Detections tab, but only for the selected computer. Left-clicking a Detection tag (the bubble in front of the Detection name, for example a rule) redirects you to its Detection Details.

Right-click or left-click the detection name, or anywhere else on the row, to bring up a context menu with the following options:

Details—You are redirected to Detections Details

Details (New Tab)—You are redirected to Detections Details in a new tab

Mark as Resolved—Usage is quite similar to Mark as Inspected. Detections that the Security Administrator/Reviewer has checked and that turned out to be false positives should be marked as resolved. By default, such resolved detections are not visible in EEI Web Console. If you want to see them as well, use the Mark as Resolved filter option

Mark as Unresolved—Will mark the Detection as Unresolved

Mark as No Priority—Will mark the Detection as No Priority

Mark as Priority I—Will mark the Detection as Priority I

Mark as Priority II—Will mark the Detection as Priority II

Mark as Priority III—Will mark the Detection as Priority III

Create Exclusion—You can create an exclusion task for the selected rule(s). You are redirected to the Create Rule Exclusion section

Edit Rule—If there is a Rule, you are redirected to the Edit Rule section

Open Computer—Opens Computer Details of the Computer on which the Detection was triggered

Open Process—If the rule triggered the Detection, this redirects you to Process Details of the process that caused the Detection

Open Parent Process—Opens Process Details of the parent process of this process

Display Absolute/Relative Time—Absolute time shows the time in the format DD/MM/YYYY HH:MM:SS. Relative time shows the time in the format minutes/hours/months relative to the present time, like "15 minutes ago" or "6 days ago"

Filter—You can find these quick filters, depending on the column:

o Show only this—Shows only records based on this particular value

o Hide this—Hides all records based on this particular value

o Show before—Shows only records that are before this value (for example, time)

o Show after—Shows only records that are after this value (for example, time)

o Show lower—Shows only records whose value is lower than this particular one

o Show higher—Shows only records whose value is higher than this particular one