Endpoint Exclusions

You can exclude endpoints that are frequently flagged as malicious but are intended for legitimate use. See Exclusions for more information.

Server vs. Workstation

We automatically classify endpoints as either “Server” or “Workstation” based on the operating system. This is done to help with triaging and automation rules. The classification is not currently configurable; if you would like to change it for an endpoint, please contact support.

Critical Assets

Critical assets are part of our Detection Integrations and allow us to automatically identify systems of importance within your organization. These are commonly systems with special organizational or technological privileges, such that a detection ingested in relation to them should get special handling.

Critical Asset Automations

You can configure custom critical asset identification rules under Assets > Endpoints. Create a search query that identifies the critical assets you want and click “Create Critical Asset Automation”. Any new or existing assets matching that query will be automatically marked as a Critical Asset.

Containment

More information about endpoint containment can be found here.