-
Is Field Effect a SIEM?
-
What events are collected by Field Effect?
-
Audit Policy Requirements for Field Effect MDR
-
Can Field Effect ingest application logs?
-
Does Field Effect protect against log tampering by the originator?
-
Can Field Effect store (retain) logs for a required period?
-
Do Field Effect logs go through an analytic process?
-
Can Field Effect collect logs from all sources?
-
What is a One-day, n-day, and zero-day vulnerability?
-
Do you recommend disabling SMTP, IMAP and POP protocols in Office 365 for regular users?
-
How does Field Effect leverage AI/ML?
-
What are Field Effect's thoughts on the use of AI?
-
What is the Field Effect Business Continuity Plan (BCP)?
-
What does Field Effect MDR do at a high level?
-
Does Field Effect use Sysmon and if so, how is it configured?
-
What technology underpins your NIDS?
-
Does Field Effect isolate my entire network?
-
How does Field Effect protect my data and information?
-
Glossary
-
Field Effect and SIEMs
-
Why was an ARO notification late?
-
What is an "Impossible Travel" scenario?
-
ARO: Suspected Typosquat Domain Detected
-
What's the difference between Resolving and Dismissing an ARO?
-
ARO: Removable Drive Detected
-
ARO: Secure Shell (SSH) Brute Force Attempt Detected
-
ARO: Tools for Remote Administration Detected on your Network
-
ARO: Audit Log was Cleared
-
ARO: New Administrative Account Detected
-
ARO: Insecure Encryption Supported by Server
-
ARO: Hosts Observed Without Field Effect Agent Installed
-
ARO: User Authentication Detected
-
Which remote control software do you monitor for?
-
Can I manage the travel itinerary for a user?
-
ARO: New Server detected
-
I dismissed an ARO but I just received it again!
-
Azure alerted me to a "User at risk detected", but Field Effect didn't send me an ARO?
-
ARO: Legacy Authentication Protocol Detected
-
Should I have MFA setup on a no-reply mailbox?
-
ARO: Malware Detected on SharePoint
-
Why didn't I get an ARO for a very high CVE?
-
How do I disable DES and RC4 on my Domain Controller?
-
ARO: Microsoft Windows Support Diagnostic Tool Remote Code Execution Vulnerability
-
ARO: VPN Authentication Detected
-
ARO: Email Domain Protection Recommendations
-
ARO: Vulnerable Software Detected - Overview
-
ARO: RDP Protocol Observed
-
Will users be able to login if a computer is isolated?
-
Can Field Effect MDR send an automated email to our ticketing systems when a computer is isolated?
-
What is the process to remove isolation and restore network connectivity to an affected system in case of a false positive? Can I do it myself?
-
How long would Field Effect take to notice an endpoint was infected with ransomware?
-
What if my organization has another EDR service or solution with blocking capabilities?
-
How can I manage Active Response for a single endpoint?
-
Why is Active Response showing as "Off" after I set a policy?
-
Does the DNS firewall work with Chromebooks?
-
Do I need to worry about attacks on our Firewall?
-
Troubleshooting DNS Firewall
-
Looking Up Domains for the DNS Firewall
-
Error: The organization name already exists in the DNS Firewall Service
-
Partners: What are the Impacts of Removing a User from the Default DNS Policy?
-
Troubleshooting the Endpoint Agent
-
What Endpoint agents are currently available?
-
Troubleshooting manual endpoint installation issues for Windows
-
Troubleshooting manual endpoint installation issues for QNAP
-
Why am I getting the error "Missing License File"?
-
Can I use a different license.key after I have installed an agent?
-
How can I stop users uninstalling the Field Effect endpoint agent?
-
Access the Windows Command Prompt as an administrator
-
Why can't I see a new Endpoint in the MDR Portal?
-
How do I remove a device from the Endpoint Devices page?
-
Am I running Windows 32-bit or 64-bit?
-
Using Field Effect MDR alongside other Security Solutions & AVs
-
What is the refresh time for an endpoint agent?
-
Windows Events Logged by the Endpoint Agent
-
Can I move endpoints between my clients?
-
Does Field Effect do any type of Windows Event Log archiving or collection?
-
Where are the logs stored?
-
What’s the price to store logs for longer than 90 days?
-
How will I be charged?
-
Which data types can be retained?
-
Can I store system logs generated by external systems, like a VPN solution?
-
Can I access the logs that are stored?
-
Is there a best practice recommendation around log sources that should be part of log retention?
-
How does Log Retention affect compliance requirements?
-
Why can't I log into the physical appliance?
-
Troubleshooting Physical Appliances
-
Can I have confidence that my data is safe on an appliance?
-
We need to move the Appliance, what do I need to consider?
-
How does Network Monitoring Work?
-
Where should the appliance be located within my network architecture?
-
What is the difference between an inline and port mirrored install configuration?
-
Should the appliance be in front of or behind my firewall?
-
What happens if the appliance loses power? Won’t my network stop?
-
My router or firewall has multiple physical networks on the LAN side. Can I still use the appliance?
-
Can the appliance monitor internal traffic that does not go to the Internet?
-
Does the appliance accept inbound connections?
-
What does the security key do?
-
How does the appliance deal with VLANs or Network segmentation?
-
How does the Network Capture (PCAP) process work?
-
How is network sizing determined for a client's environment?
-
What are the log retention capabilities of Field Effect MDR?
-
How can I check my physical appliance is operating correctly?
-
Logging into your Physical Appliance
-
What happens to my data when I migrate between appliances?
-
Why would the Field Effect appliance need to access Tor?
-
How can I troubleshoot appliance connectivity issues?
-
Firewall Exceptions for Physical Appliances
-
What happens if the primary appliance is offline?
-
Best Practices: Traffic for Appliances Using the Passive Configuration
-
PSAs - How can I quickly Navigate to the MDR Portal from my Integration?
-
Autotask - The integration card is missing on the Integrations page?
-
Autotask - What happens if I delete an ARO task in Autotask?
-
Autotask - Why was I notified that my thread threshold is exceeded?
-
ConnectWise - My companies aren’t available for mapping in the MDR Portal?
-
ConnectWise - What if I need to change the name of an organization?
-
ConnectWise - How can I remove unmapped statuses as choices for ARO Statuses?
-
ConnectWise - Why is my URL not seen as being a valid domain?
-
ConnectWise - Can I Move AROs to another Service Board?
-
ConnectWise - As a Partner, how do I deal with offboarding clients?
-
ConnectWise - How do I disable this Integration for a single company?
-
ConnectWise - What if ConnectWise becomes unreachable?
-
ConnectWise - Why won’t my status changes to AROs in the Portal sync to ConnectWise?
-
ConnectWise - How do I change my ConnectWise board for AROs?
-
ConnectWise - Why aren't my AROs syncing between the MDR Portal and ConnectWise?
-
Why am I seeing TOR Project exit nodes in my report?
-
Can I break down the Security Events summary in the Weekly Report?
-
Why am I seeing logins from unexpected countries on my Monthly Report?
-
Can I find out more about the Most Resolved Domains listed in the Monthly Report?
-
Can I find out more about the My Network Summary graph?
-
What are the "Beacons" mentioned in a report?
-
As a partner, why am I not receiving reports for one of my clients?