Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.wirespeed.co/llms.txt

Use this file to discover all available pages before exploring further.

Wirespeed does not provide a manual control to pick which user is assigned to an endpoint. User–endpoint associations are created automatically when your endpoint management, EDR, or MDM integrations sync device inventory and include which directory user belongs to each device (for example primary or last-logged-on user). Those users must already exist in Wirespeed from your directory integrations; the user identifiers from the endpoint source need to match the users synced from your directory. If Related users is empty for many endpoints, check that your directory and device integrations are connected and syncing, and that your vendors expose user–device mapping to Wirespeed. Some systems (for example servers or shared devices) may not report a single assigned user. If you expect mappings and still see none, contact support with your integration types.

Endpoint Exclusions

You can exclude endpoints that are frequently flagged as malicious but are intended for legitimate use. See Exclusions for more information.

Server vs. Workstation

We automatically classify endpoints as either “Server” or “Workstation” based on the operating system. This is done to help with triaging and automation rules. This is not currently configurable, if you would like to change the classification for an endpoint please contact support.

Critical Assets

Critical assets are part of our Detection Integrations and allow us to automatically identify systems of importance within your organization. These would commonly be systems with special organizational or technological privileges such that when a detection is ingested in relation to them should get special handling.

Critical Asset Automations

You can configure custom critical asset identification rules underneath Assets > Endpoints. Create a search query that identifies the critical assets you want and click “Create Critical Asset Automation”. Any new or existing assets matching that query will be automatically marked as a Critical Asset.

Containment

More information about endpoint containment can be found here.