AMP4EP Flashcards
File Fetch
is used to extract the files so that they can be analyzed by ThreatGrid
Application Programming Interface (API)
The API is a set of programmatic interfaces that allow you to access the data and events in your account without logging into the Console.
Cognitive Threat Analytics (CTA)
Records any incidents that occur on computers that don’t have an AMP for Endpoints connector installed.
* Detects/Records breaches by analyzing web traffic from all devices on the network even if they don’t have AMP4EP connector on the device.
Auto Analysis for Low Prevalence
Finds rare executables (.exe) that exist on only a few machines and submits them to TALOS if they look suspicious.
* Can submit up to 80 automatic and 20 manual file submissions per day.
Simple Custom Detection List
is similar to a blacklist. These are files that you want to detect and quarantine.
* Not only will an SCDL quarantine future instances of a file; through Cloud Recall, it will also quarantine instances of the file on any endpoint in your organization where the service has already seen it.
Advanced Custom Detection List
are like traditional antivirus signatures, but they are written by the user. These signatures can inspect various aspects of a file and support different signature formats.
Exclusion List
is a directory, file extension, or threat name that you do not want the AMP for EP connector to scan or convict.
* Exclusions can be used to resolve conflicts with other security products or to mitigate performance issues by excluding directories containing large files that are written to frequently, such as databases.
Device Trajectory
Shows activity on computers that have the AMP for Endpoints Connector deployed. It continuously tracks activity and communications at the device and system level. This helps you quickly understand root causes and the chronological history of events leading up to and following a compromise.
File Trajectory
Shows the complete lifecycle of each file in your environment, from the first time it was seen to the last, as well as all computers in the network that were affected. This gives you better visibility and reduces the time required to scope a malware breach.
Blacklisting
Blocking access to particular known threats or vulnerabilities, as well as to resources that are deemed inappropriate within a given organization.
Cloud Access Security Broker
Acts as a gatekeeper, allowing the organization to extend the reach of their security policies beyond their own infrastructure.
Command and Control Callbacks
Centralized machines that send commands to, and receive output from, compromised machines that are part of a botnet. They can be used to leak data and can be hard to identify on an endpoint.
DNS (Domain Name System)
Naming system for computers, services, or other resources connected to the Internet or a private network. It is responsible for translating domain names to their respective IP addresses.
IPS
Intrusion Protection System (essentially the “Alarm System” for your network)
Lightweight connector
Means that there is minimal/negligible impact on performance (such as CPU usage).