Using the Endpoint Protection Dashboard

This article discusses how to use the Endpoint Protection (EPP) Dashboard to get a quick overview of threats detected by EPP in your network.

Overview

The EPP Dashboard lets you view the malicious and suspicious threat activity in your network detected by the EPP engines. The page contains a number of widgets that provide visibility for threat activity and the impacted users. The page also lets you add items to the threats filter to drill down and focus on the relevant threat data and events in your account. For more information about Cato's EPP solution, see Getting Started with Cato's Endpoint Protection (EPP).

Getting Started with the EPP Dashboard

The Threats Dashboard page shows the total threat activity over the time range.

| Name | Description |
|------|-------------|
| Total Endpoints | The number of endpoints protected by Cato's EPP solution. |
| Assigned Licenses | The percentage of EPP licenses that have been used. |
| Total Threats Found | The number of threats found on all endpoints. |
| Total Files Quarantined | The number of files quarantined on all endpoints. |
| Time Range | The time range applied to the page. |
| Top Threats | The most common threats detected on your endpoints. |
| Threats per Day | The number of threats detected per day. |
| Threats by Detection Engine | The number of threats detected by each EPP detection engine. |
| Top Threatened Users | The users with the highest number of threats detected on their endpoint. |
| Top Malicious Files | The most common malicious files detected on your endpoints. |
| Top Malicious Hashes | The most common file hashes detected on your endpoints. |
| Version Distribution per Endpoint | The number of each EPP agent version installed on your endpoints. |

Filtering the EPP Dashboard

You can choose to filter the data in the EPP Dashboard by automatically updating the filter with the selected item, or manually configuring the filter.

Automatically Filtering or Excluding an Item

As you hover over an item or field where a filter option is available, the menu icon appears. Click the icon and select Add to Filter or Exclude from Filter.

The EPP Dashboard now displays data based on your selection. For example, in the Threats by Detection Engine widget, if you add Anti-Malware to the filter, the dashboard only displays analytics and data from threats detected by the Anti-Malware engine.

To add or exclude more items, click the menu icon again to update the filter and drill down further.

Manually Configuring the Filter

You can manually configure the filter for greater granularity to analyze threats on your endpoints. After you configure the filter, it is added to the filter bar and the dashboard is automatically updated to show the analytics and data to match the new filter.

To create a filter:

  1. In the filter bar, click the plus button.

  2. Start typing or select the Field(s).

  3. Select the Operator, which determines the relationship between the Field and the Value you are searching for.

  4. Select the Value.

  5. Click Add filter.

Clearing the Filter

You can remove each item in the filter separately, or clear the entire filter.

To clear the filters:

  1. To clear a single filter, click the remove icon next to the filter.

  2. To clear all the filters, click X at the right end of the filter bar.

Viewing Events from the EPP Dashboard

To further analyze threats identified by EPP, you can view the events for items within a widget. For example, you can view the events of a threatened user.

To view events from the EPP Dashboard:

  1. Click the menu icon next to the item whose events you want to view.

  2. Click View Events.

    The Events page is displayed with a predefined filter for the item and time frame from the EPP Dashboard.
