Client Playbook: Deploying mEDR

Introduction

Welcome to Field Effect! As a new MDR Complete client, you can now deploy the service, which involves seven phases. This playbook provides an overview of each phase.


By this point, you should have received our welcome email and (if using a physical appliance) received some shipping information. To learn more about these pre-deployment communications, see Understanding Your Deployment.




Deploying mEDR

The following sections provide a high-level description of each deployment phase, along with links to more in-depth Help Center articles for more assistance.


When logging into the MDR Portal for the first time, you will have the opportunity to use the in-app onboarding wizard, which will walk you through many of the phases included in this playbook. If you dismissed the onboarding wizard, want to reference the steps of a deployment, or want access to Help Center articles with more details on a specific topic, see the sections below.


Access the MDR Portal & Invite Users

The Field Effect MDR Portal is at the center of your deployment, as it is where you will interact with and configure your service. Your admin contacts will be given immediate access to their organization in the MDR Portal. They can then invite new users via their email.


Once invited, other users will be granted permission to create MDR Portal accounts, where they can access AROs, view configurations, and more (depending on their permission level).


For help completing this phase, you may wish to also learn about:


The following video walks through the account creation process: 



Set Up the MDR Portal

The following video walks through the process of setting up the portal. 



Complete Your Organization’s Monitoring Profile

Your monitoring profile is part of the Service Profile page, and it contains details that help Field Effect better understand, contextualize, and characterize the activity being monitored. Add your organization's web domains, email domains, Public IPs, and (geographical) staff locations to this profile.


For help completing this phase, you may wish to also learn about:


The following video provides an overview of the Monitoring Profile and how to set one up:



Set up Active Response

Active Response lets you define how aggressively Field Effect MDR, and our security analysts, respond to threats. This is defined through your response policy, which should align with your organization's tolerance for risk and downtime.

There are four response policy levels available (Off, Limited, Balanced, and Aggressive), and we apply the Balanced policy to new organizations by default.


Each response policy can be modified with custom exclusions (example: "never isolate host X"), and we encourage you to tailor your response policy to suit your organization's risk tolerance, especially while deploying the service.


For more on Active Response, visit:


While deploying Field Effect MDR, Active Response will be set to "notify only" mode for the first two weeks of the service being deployed. This allows Field Effect MDR, and our security analysts, to establish a baseline for your organization's activity. While in notify only mode, you will still be alerted on any suspicious activity, and after the baseline is established, the Balanced profile will be enabled and respond to threats accordingly.


The following video outlines Active Response as a feature, and how to set a response profile.



Conclusion

After completing the process, you can really begin to take advantage of Field Effect.

Learn more about using Field Effect post-deployment:

  • Chapter – AROs: every threat and vulnerability Field Effect detects is reported to you via an ARO (Action, Recommendation, or Observation). This chapter covers the concept of AROs and how to work with them.

  • Chapter – Reports & Analysis: the MDR Portal’s Reports & Analysis section houses several dashboards for various aspects of your threat surface. This chapter introduces you to each dashboard, and how to navigate them.

  • Chapter – SEAS: as a Field Effect user, you have access to the Suspicious Email Analysis Service (SEAS). Any time you or your colleagues receive a suspicious email, you can send it to SEAS and receive a full report in the MDR Portal about the submitted email.
