Endpoint Next-Gen Antivirus powered by Crowdstrike

  • Introduction

    The Crowdstrike-powered Endpoint Next-Gen Antivirus uses the Crowdstrike sensor (referred to on this page as the sensor/agent/installer) on each device to identify malicious activity such as ransomware and malware, and intervenes to halt it before it can encrypt your files. Therefore, ensure that your employees have the sensor installed on their devices. If they haven't, please read on.

    Endpoint Next-Gen Antivirus, powered by Crowdstrike, offers protection against a wide array of attacks, ranging from common malware to advanced, targeted threats.

    This is achieved through CrowdStrike Indicator of Attack (IoA) patterns evaluated on the device itself. Because the patterns are evaluated by the sensor rather than by a cloud lookup, they work both when the device is connected to the internet and when it is not, and they are effective against new and changing forms of ransomware that commonly slip past older, signature-based antivirus.

    This page has three sections, each with its own widgets:

    1. Connect to Console
    2. Activity
    3. Hosts

     

    Connect to Console

    You can request access to the Crowdstrike console, but as part of our service package our SOC team administers and monitors your Endpoint Next-Gen Antivirus (powered by Crowdstrike) console on your behalf.

    Note that all the information on this page is sourced directly from the Crowdstrike console.

     

    Activity

    The Activity page provides an overview of all detection activity in your environments. It includes detailed reporting on the items described in the sections that follow: New detections, Prevented malware by user and host, SHA-Based Detections, Most recent detection, and Detections by tactics.

    The widgets on this page are also available for your custom dashboard.

    Host

    A host is a device; see the Host overview section below.

    The Host page lists every device that has been equipped with Endpoint Next-Gen Antivirus, powered by Crowdstrike.

    The widgets on this page are also available for your custom dashboard.

    If you have any questions regarding any of these technical terms, submit a new SOC ticket.
  • New detections

    The New Detections report lets you examine newly flagged activity and the tactics, techniques and procedures (TTPs) that were marked as malicious and triggered an alert. Each entry provides contextual information: the relevant source of the detection, what is known about the attacker, and any other available information about the attack.

    No action is required from your end, but it is still useful to understand the terms used in the detection verification status:

     

    Status           Definition
    New              The detection was identified as malicious and blocked by the sensor/agent/installer; it has not yet been verified by our personnel.
    In progress      Our personnel are verifying the detection; an update will be provided as soon as verification is complete, or if more information is required.
    True_positive    The detection has been verified as a genuine attack that correctly triggered an alarm.
    False_positive   The detection has been verified as not a real attack.

     

    For further information about a detection, click "View" under the "Action" column.

    If you have any questions regarding any of these detections, submit a new SOC ticket.
  • Prevented malware by user and host

    This report lets you see the malicious actions that were blocked, grouped either by host or by user. The data shown is filtered to the past 7 days.

     

    To view instances of prevented malware by user and host, follow these steps:

     

    Step 1 - Open "Prevented Malware by User" and "Prevented Malware by Host":

    Navigate to: Activity > "Prevented Malware by User" or "Prevented Malware by Host".

     

    If you have any questions regarding any of these actions, submit a new SOC ticket.
  • SHA-Based Detections

    SHA stands for Secure Hash Algorithm, a family of cryptographic hash functions used to fingerprint data and files. A hash function maps an input of any length to a fixed-length digest, and for a secure algorithm such as SHA-256 it is computationally infeasible to find two different inputs with the same digest, so a file's hash can be used as its identifier. A SHA-based detection is one raised on a file's hash (for example a hash on a blocklist) rather than on the file's behaviour.

    This detection needs validation by our Security Operations Center to determine whether it is a genuine attack. The status of the validation request is displayed on this page.

    No action is required from your end, but it is still useful to understand the terms used in the detection verification status:

     

    Status           Definition
    New              The detection was identified as malicious and blocked by the sensor/agent/installer; it has not yet been verified by our personnel.
    In progress      Our personnel are verifying the detection; an update will be provided as soon as verification is complete, or if more information is required.
    True_positive    The detection has been verified as a genuine attack that correctly triggered an alarm.
    False_positive   The detection has been verified as not a real attack.

     

    To view SHA-Based Detections, follow these steps:

    Step 1 - Open "SHA-Based Detections":

    Navigate to: Activity > SHA-Based Detections.

    Step 2 - View the list of detections and check the status of each one.

    If you have any questions regarding any of these detections, submit a new SOC ticket.
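    The following Python example is added here to show how a file's SHA-256 hash is computed and compared against a list of known-bad hashes, which is the check behind a SHA-based detection. It is not code from this page or from Crowdstrike. The sample file contents, the blocklist and the function names are constructed for the example; in practice the hash to compare against is the one reported in the detection.

```python
import hashlib
from pathlib import Path

# Constructed samples: a pretend "known bad" file and a benign file. Neither is real malware.
KNOWN_BAD_CONTENT = b"MZ\x90\x00constructed-sample-of-a-blocked-binary\x00"
BENIGN_CONTENT = b"MZ\x90\x00constructed-sample-of-a-legitimate-binary\x00"


def sha256_hex(data: bytes) -> str:
    """Return the lowercase hex SHA-256 digest of data, the form used to identify files."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so that large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


# Constructed blocklist: one SHA-256 per entry, the way a hash-based indicator list is kept.
BLOCKLIST = {sha256_hex(KNOWN_BAD_CONTENT)}


def normalise_hash(value: str) -> str:
    """Digests are compared case-insensitively with surrounding whitespace removed."""
    v = value.strip().lower()
    if len(v) != 64 or any(c not in "0123456789abcdef" for c in v):
        raise ValueError(f"not a SHA-256 hex digest: {value!r}")
    return v


def is_blocklisted(digest: str, blocklist=BLOCKLIST) -> bool:
    """True if digest matches any entry of the blocklist, regardless of letter case."""
    normalised = {normalise_hash(b) for b in blocklist}
    return normalise_hash(digest) in normalised


def check_file(path: Path, blocklist=BLOCKLIST) -> dict:
    """Return a small report: the file's digest and whether it matches a blocklisted hash."""
    digest = sha256_file(path)
    return {"path": str(path), "sha256": digest, "blocklisted": is_blocklisted(digest, blocklist)}


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        bad = Path(tmp) / "suspicious.exe"
        good = Path(tmp) / "legit.exe"
        bad.write_bytes(KNOWN_BAD_CONTENT)
        good.write_bytes(BENIGN_CONTENT)
        for p in (bad, good):
            print(check_file(p))
        # A single changed byte yields a completely different digest, so a hash match
        # identifies one exact file, not a family of similar files.
        tampered = KNOWN_BAD_CONTENT[:-1] + b"\x01"
        print(sha256_hex(KNOWN_BAD_CONTENT)[:16], sha256_hex(tampered)[:16])
```

    The hash must be computed over the exact bytes on disk: a file that has been repacked, modified or re-saved by another tool will not match the hash the console reports, even though it may be the same program.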
  • Most recent detection

    The Most Recent Detection report gives you a detailed view of the latest activities and tactics, techniques and procedures (TTPs) flagged as malicious that triggered an alarm. It offers contextual information, including attribution where applicable, together with details about the attacker and any additional information available about the attack.

    To view the Most Recent Detection that has set off an alarm in your ArmourZero platform, follow these steps:

     

    Step 1 - Open "Most Recent Detection":

    Navigate to: Activity > Most Recent Detection.

     

    Step 2 - View "Tactic and Technique"

    Hover over the (!) icon to read more about the detection details.

    Step 3 - Scroll to the right and click "View" to expand the detection for additional details.

    A detailed execution report opens, showing the additional details for your reference.

    If you have any questions regarding any of these detections, submit a new SOC ticket.
  • Detections by tactics

    The "Detection by Tactic" report gives a detailed view of the most frequently detected tactics, techniques and procedures (TTPs) flagged as malicious and resulting in alarms, grouped by tactic. It includes contextual information, including attribution where applicable, with details about the attacker and other known attack-related information.

    In the MITRE ATT&CK model used to label these detections, a tactic is the adversary's objective at a given stage of an attack (for example initial access, persistence or credential access): the "why" of an action. The techniques listed under each tactic describe "how" that objective was pursued.

     

    To view the "Detection by Tactic" report, which presents these details as a graph grouped by tactic and filtered to the past 7 days, follow these steps:

    Navigate to: Activity > Detection by Tactic.

    If you have any questions regarding any of these detections, submit a new SOC ticket.
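    As an added example covering both the "Prevented malware by user and host" report above and this "Detection by Tactic" report, the Python below applies the same 7-day window to a set of constructed detection records and groups them by host, by user and by tactic, the way the console widgets do. It is not the page's or Crowdstrike's code; the record format, the field names and the sample values are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample detections, not console data. The field names (ts, host, user, tactic,
# technique, action, status) are assumptions; a console export may name them differently.
# Status values follow the verification statuses described on this page.
DETECTIONS = [
    {"ts": "2023-08-15T09:12:00Z", "host": "LAPTOP-01", "user": "alice", "tactic": "Execution",
     "technique": "PowerShell", "action": "Process blocked", "status": "True_positive"},
    {"ts": "2023-08-14T17:40:00Z", "host": "LAPTOP-01", "user": "alice", "tactic": "Impact",
     "technique": "Data Encrypted for Impact", "action": "Process blocked", "status": "New"},
    {"ts": "2023-08-13T08:05:00Z", "host": "SRV-FILE-02", "user": "svc_backup", "tactic": "Credential Access",
     "technique": "OS Credential Dumping", "action": "Process blocked", "status": "In progress"},
    {"ts": "2023-08-12T22:30:00Z", "host": "LAPTOP-07", "user": "bob", "tactic": "Execution",
     "technique": "Malicious File", "action": "Process blocked", "status": "False_positive"},
    {"ts": "2023-08-11T11:00:00Z", "host": "LAPTOP-07", "user": "bob", "tactic": "Execution",
     "technique": "Malicious File", "action": "Detection only", "status": "True_positive"},
    {"ts": "2023-08-03T14:20:00Z", "host": "SRV-FILE-02", "user": "svc_backup", "tactic": "Persistence",
     "technique": "Scheduled Task", "action": "Process blocked", "status": "True_positive"},
]

# Fixed "now" (constructed) so the 7-day window is reproducible.
NOW = datetime(2023, 8, 15, 12, 0, tzinfo=timezone.utc)


def parse_ts(ts: str) -> datetime:
    """Parse a UTC ISO-8601 timestamp of the form 2023-08-15T09:12:00Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_window(detections, now=NOW, days=7):
    """Keep only detections from the last `days` days, mirroring the widgets' 7-day filter."""
    cutoff = now - timedelta(days=days)
    return [d for d in detections if cutoff <= parse_ts(d["ts"]) <= now]


def count_by(detections, field, exclude_statuses=("False_positive",)):
    """Count detections per value of `field`. Verified false positives are dropped by default
    so that a benign file which fired repeatedly does not dominate the chart."""
    return Counter(d[field] for d in detections if d["status"] not in exclude_statuses)


def prevented_malware(detections, now=NOW, days=7):
    """'Prevented malware by host' and 'by user': only detections where the sensor blocked something."""
    blocked = [d for d in in_window(detections, now, days) if d["action"] == "Process blocked"]
    return {"by_host": count_by(blocked, "host"), "by_user": count_by(blocked, "user")}


def detections_by_tactic(detections, now=NOW, days=7):
    """'Detection by Tactic': every detection in the window, grouped by ATT&CK tactic."""
    return count_by(in_window(detections, now, days), "tactic")


def bar_chart(counts, width=20):
    """Render counts as text bars, highest first (the console shows these as a graph)."""
    if not counts:
        return []
    peak = max(counts.values())
    return [f"{label:<20} {'#' * (n * width // peak):<{width}} {n}"
            for label, n in counts.most_common()]


if __name__ == "__main__":
    prevented = prevented_malware(DETECTIONS)
    print("Prevented malware by host:")
    print("\n".join(bar_chart(prevented["by_host"])))
    print("Prevented malware by user:")
    print("\n".join(bar_chart(prevented["by_user"])))
    print("Detections by tactic (past 7 days):")
    print("\n".join(bar_chart(detections_by_tactic(DETECTIONS))))
```

    The Persistence detection from 3 August falls outside the 7-day window and is not counted; passing days=30 brings it back. Pass exclude_statuses=() to count_by to reproduce a view that also counts verified false positives.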
  • Host overview

    In this context a host is any physical or virtual machine (workstation, laptop or server) that has the sensor/agent/installer installed and is reachable on the network by an address.

    The host overview dashboard provides a concise summary of all hosts, including:

    • Number of hosts that are online.
    • Number of hosts that are offline.
    • Number of contained hosts (hosts isolated from the network by containment, so that only the sensor can still communicate with the Crowdstrike cloud).
    • Count of installed sensors/agents/installers.
    • Policies assigned to the installed sensors/agents/installers.
    • Domain name (if applicable).
    • Pod hosts (if applicable).
    • Prevention policies.
    • Sensor update policies.

    Click on any host to see its details. If you have any questions regarding any of these hosts, submit a new SOC ticket.

     
