Indicators of attack settings
In cyberattacks that target companies, hackers try to break through security defenses by deploying a series of coordinated actions. These actions take place over long periods of time and use multiple strategies and infection vectors. Many such actions may appear innocuous individually but, taken as a whole, they can be part of an ongoing cyberattack.
The Advanced EDR basic user license includes a cross-threat hunting service. This service uses advanced automated analysis technologies to inspect the data flow sent by the security software installed on customer computers and identify indicators of attacks in progress. Finally, a team of specialists (hunters) sifts through these indicators, which are represented on the administrator console as IOA (Indicators of Attack) detections.
An IOA detection is an indicator shown on the Advanced EDR administrator console when a pattern of events likely to belong to a cyberattack is detected. It could therefore act as an early warning of an infection, alerting the administrator to a potential attack in progress, though it could also be an alert of a cyberattack that has managed to penetrate the company's defenses.
Because an IOA detection can reveal an imminent danger, Advanced EDR enables you to launch an automatic response to minimize the attack surface.
For more information about the indicators of attack module, see:
Creating and managing settings profiles: Information about how to create, edit, delete, or assign settings profiles to the computers on your network.
The management console: Information about how to manage user accounts and assign permissions.
Managing lists: Information about how to manage lists.