Endpoints
All endpoints available in your detection integrations are ingested into Wirespeed and correlated across cases. This allows you to identify repeat offenders over time, add special handling for high value assets, and provide Wirespeed more context for case triaging.
Endpoint Exclusions
You can exclude endpoints that are frequently flagged as malicious but are intended for legitimate use. See Exclusions for more information.
Server vs. Workstation
We automatically classify endpoints as either “Server” or “Workstation” based on the operating system. This is done to help with triaging and automation rules. The classification is not currently configurable; if you would like to change it for an endpoint, please contact support.
High Value Assets (HVA)
High Value Assets are part of our Detection Integrations and allow us to automatically identify systems of importance within your organization. These are commonly systems with special organizational or technological privileges, such that any detection ingested in relation to them should get special handling.
HVA Automations
You can configure custom HVA identification rules under Assets > Endpoints. Create a search query that identifies the HVAs you want and click “Create HVA Automation”. Any new or existing assets matching that query will be automatically marked as an HVA.
Containment
More information about endpoint containment can be found here.