Computers

This view is the most similar to ESET PROTECT: it shows the company structure, synced from ESET PROTECT, and details about each computer.

Status is displayed not from the perspective of functionality problems (like in ESET PROTECT) but from the perspective of the highest severity unresolved detection currently present on the machine.

Other columns showing details about the number of detections per severity and the number of unique detections allow security teams to start a “computer-centric” investigation. Focus on the computers with the highest rate/severity/frequency of detections that might indicate either a false positive to be resolved or an acute need for further investigation.

You can view active/resolved detections, their priorities, detected/executed executables, and scripts, and even dig into the raw events, which you can navigate for the period that is kept within the EEI DB.

On computers, you can quickly perform actions, such as initiating a reboot or shutdown of the computer.

 

When you click the name of the computer, Computer Details is displayed.

Right-clicking the computer name, or left-clicking anywhere else on the row, brings up a context menu with the following options:

Details—the same as Computer Details when clicking the name of the computer

Details (New Tab)—you are redirected to Computer Details, but in a new tab

Terminal—you are redirected to the Terminal tab

Detections—you are redirected to the Detections tab

Executables—you are redirected to the Executables tab

Scripts—you are redirected to the Scripts tab

Events—you are redirected to the Events tab

Send wake-up call—sends the Wake-Up command to force the computer to send all events since the last connection. You can also use the button at the bottom of the screen

Reboot—sends the command to reboot the computer. You can also use the Power button at the bottom of the screen

Shutdown—sends the command to shut down the computer. You can also use the Power button at the bottom of the screen

Scan—sends the command to Endpoint to start an immediate scan of the computer. You can also use the Actions button at the bottom of the screen

Generate SysInspector Log—generates a SysInspector log that you can review in the computer's details. You can also use the Actions button at the bottom of the screen (available only for Windows)

Isolate from network—the computer is isolated from the network (only connections between ESET security products are available). You can also use the button at the bottom of the screen (only for Windows endpoints; File Security from 7.2.12003.0)

End network isolation—ends the isolation from the network. You can also use the button at the bottom of the screen (only for Windows endpoints; File Security from 7.2.12003.0)

Open in ESET PROTECT—navigates you to the ESET PROTECT Server Web Interface. You can also use the button at the bottom of the screen

Tags—used to tag the computer. After choosing this option, a new window for editing tags opens. In the Select field, you can type a new tag or select an existing one. You can also use the button at the bottom of the screen to show the list of assigned tags

Display Absolute/Relative Time—absolute time shows the time in the format DD/MM/YYYY HH:MM:SS. Relative time shows the time in the format minutes/hours/months in relation to the present time, like "15 minutes ago" or "6 days ago"

Filter—you can find these quick filters, depending on the column in which you activated the context menu:

Show only this—shows only records based on this particular value

Hide this—hides all records based on this particular value

Show before—shows only records that are before this value (for example, time)

Show after—shows only records that are after this value (for example, time)

Show lower—shows only records whose value is lower than this particular one

Show higher—shows only records whose value is higher than this particular one

 

By default, you can filter the computers by the following:

1. Status (Threat, Warning, Info, OK, Unmonitored)

2. Tags

3. Subgroups—when selected, the list will also be filled with computers from the subgroup of the selected group

4. Additional filters

 

Status

There are five statuses:

Threat: detection(s) with threat severity present on this computer

Warning: detection(s) with warning severity present on this computer

Info: detection(s) with info severity present on this computer

Ok: no detections were triggered on this computer, or all are resolved

Unmonitored: EI Agent is not installed on this computer. (EEI knows about this computer because ESET PROTECT sent it from an Active Directory)

Tags

Tagging is an additional form of filtering that can connect multiple objects through multiple views (computer, executable, event filter, etc.). If available, the tag icon is on the left side, next to the name of the view. In the Computers view, the tag panel can be accessed by clicking the three-dots icon. In the opened tag panel, all created tags are listed and ready to use. If the list of tags is too long, you can use the magnifying glass to search for a specific tag. At the top of the screen, the TAGS selector can be used to select the desired tags. If available, you can also use the TAGS button located at the bottom of the screen among the action buttons.

Additional filters

The additional filters are accessible by clicking the ADD FILTER button or by clicking the space next to the ADD FILTER button, where the list of available filters is shown. You can search for a filter by typing its name or select one from the list. For the definitions of the additional filters, follow here.

Some of the filters have a funnel icon next to them with two or four possible predefined options:

Unknown—the value in the filtered column is not available (probably not a known value at the time of occurrence)

Known—the value is available

None—value is an empty string

Any—the value is not empty. The negation of the None filter

If present on the screen, you can refresh the table by clicking the refresh icon. If available, the export icon can be used to export the table grid to CSV format and use it in other applications to work with the list.

If present, click the PRESETS button to manage filter sets. These options are available:

Save filters—allows you to save the current filter set. Select the Include the visible columns and sorting check box to also save these settings of your selection; otherwise, loading the saved filter shows the default column settings

Reset filters—resets the active filter and returns to the default filter settings with the default column settings

Reset view—resets the active view without resetting the filter set

Manage—allows you to manage your filter sets

Save Filters as Rule—if available, allows you to save the filter as a rule. You can then find it in the list of rules under the Detection rules sub-tab of the Admin tab

Columns

Columns can be reorganized by using the move icon that appears on the right side of the column name when you hover the mouse over the column name.

The width of a column can be resized by using the resize icon that appears on the left side of the column name when you hover the mouse over the column name.

The sort order can be changed by clicking the name of the column:

Default (no icon)

Ascending (ascending icon)

Descending (descending icon)

You can change which columns are displayed by clicking the gear icon and selecting the Select column option, or you can reset the view to default by clicking the Reset columns option. In the Enter quick search pattern field, you can search for a column by typing its name or a couple of letters from it, which is useful if the list of columns is long. For the definitions of the columns, follow here.