Endpoint Exclusions

You can exclude endpoints that are frequently flagged as malicious but are intended for legitimate use. See Exclusions for more information.

Server vs. Workstation

We automatically classify endpoints as either “Server” or “Workstation” based on the operating system. This is done to help with triaging and automation rules. This is not currently configurable, if you would like to change the classification for an endpoint please contact support.

High Value Assets (HVA)

High Values Assets are part of our Detection Integrations and allow us to automatically identify systems of importance within your organization. These would commonly be systems with special organizational or technological privileges such that when a detection is ingested in relation to them should get special handling.

HVA Automations

You can configure custom HVA identification rules underneath Assets > Endpoints. Create a search query that identifies the HVAs you want and click “Create HVA Automation”. Any new or existing assets matching that query will be automatically marked as a HVA.

Containment

More information about endpoint containment can be found here.