Endpoint Access Enforcement module lists

Accessing the lists

Access the Endpoint Access Enforcement lists as follows:

  • From the top menu, select Status. From the side menu, select Endpoint Access Enforcement. Click any of the widgets.

  • From the top menu, select Status. From the side menu, click Add. A dialog box opens with the available lists. Select the Connections identified by Endpoint Access Enforcement list.

Required permissions

Permission | Access to lists
View detections and threats | Connections identified by Endpoint Access Enforcement

Permissions required to access the Endpoint Access Enforcement lists

Connections identified by Endpoint Access Enforcement

This list shows the inbound connections received by computers on the network that meet the conditions configured in the Endpoint Access Enforcement settings. See Endpoint Access Enforcement settings options.

Field | Description | Values
Computer | Name of the target computer. | Character string
Group | Group to which the target computer belongs. | Character string
Remote computer | IP address or name of the connecting computer. | Character string
Risk detected | Status of the connecting computer. | Unmanaged/Unavailable; Managed by another account; Protection not enabled; Medium risk; High risk; Critical risk
Action | The action that Advanced EDR took on the connection. | Allowed; Blocked
Protocol/Port | Protocol/port of the connection. | Numeric value
Occurrences | Number of times the connection was detected in one hour. | Numeric value
Date | Date on which Endpoint Access Enforcement detected the connection. | Date
Context menu | Shows an action menu. View connections for the computer: Shows connections received by the computer in the selected period. View connections for the remote computer: Shows connections established by the selected computer. | Enumeration

Fields in the Connections Identified by Endpoint Access Enforcement list

To view a graphical representation of the list data, see the Programs blocked by the administrator widget.

Fields displayed in the exported file
Field | Description | Values
Client | Customer ID or name. | Character string
Computer type | Type of device. | Workstation; Laptop; Server
Computer | Name of the target computer. | Character string
Group | Group to which the target computer belongs. | Character string
IP address | Primary IP address of the target computer. | Numeric value
Risk detected | Status of the connecting computer. | Unmanaged/Unavailable; Managed by another account; Protection not enabled; Medium risk; High risk; Critical risk
Protocol | Protocol/port of the connection. | Numeric value
Action | Action taken by Endpoint Access Enforcement on the connection. | Allowed; Blocked
Local IP address | IP address of the target computer. | Numeric value
Remote host name | Name of the connecting computer. | Character string
Remote IP address | IP address of the connecting computer. | Numeric value
Local port | Connection port on the target computer. | Numeric value
Remote port | Connection port on the connecting computer. | Numeric value
Date | Date on which Endpoint Access Enforcement detected the connection. | Date
Occurrences | Number of times the connection was detected in one hour. | Numeric value

Fields in the Connections Identified by Endpoint Access Enforcement exported file
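
Added example (not part of the product documentation): a Python triage pass over the exported file that groups Allowed connections from High risk or Critical risk remote computers by Remote IP address. It assumes the export is comma-separated with the field names above as column headers; the sample rows, date format, and protocol values are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. Column names follow the exported-file field table;
# the CSV layout, date format and protocol spelling are assumptions.
SAMPLE_EXPORT = """\
Client,Computer type,Computer,Group,IP address,Risk detected,Protocol,Action,Local IP address,Remote host name,Remote IP address,Local port,Remote port,Date,Occurrences
ExampleCo,Server,SRV-FILE01,Servers,10.0.0.10,High risk,TCP,Allowed,10.0.0.10,LAPTOP-A,10.0.5.21,445,50122,2024-05-01 10:00,12
ExampleCo,Server,SRV-DB01,Servers,10.0.0.11,High risk,TCP,Allowed,10.0.0.11,LAPTOP-A,10.0.5.21,3389,50177,2024-05-01 10:00,3
ExampleCo,Workstation,WS-017,Finance,10.0.2.17,Critical risk,TCP,Blocked,10.0.2.17,WS-044,10.0.2.44,445,49811,2024-05-01 11:00,40
ExampleCo,Laptop,LT-003,Sales,10.0.3.3,Unmanaged/Unavailable,TCP,Allowed,10.0.3.3,,10.0.9.9,22,40100,2024-05-01 11:00,1
ExampleCo,Server,SRV-FILE01,Servers,10.0.0.10,Critical risk,TCP,Allowed,10.0.0.10,WS-044,10.0.2.44,445,49900,2024-05-01 12:00,7
"""

# "Risk detected" values that warrant review when the connection was not blocked.
REVIEW_RISKS = {"High risk", "Critical risk"}


def allowed_from_risky_sources(export_text, risks=REVIEW_RISKS):
    """Group Allowed connections whose source has a risk in `risks` by remote IP."""
    summary = defaultdict(
        lambda: {"hosts": set(), "targets": set(), "ports": set(), "occurrences": 0}
    )
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Action"].strip() != "Allowed":
            continue
        if row["Risk detected"].strip() not in risks:
            continue
        try:
            count = int(row["Occurrences"])
        except ValueError:
            continue  # skip rows with a malformed counter instead of aborting
        entry = summary[row["Remote IP address"].strip()]
        entry["occurrences"] += count
        entry["targets"].add(row["Computer"].strip())
        entry["ports"].add(row["Local port"].strip())
        if row["Remote host name"].strip():
            entry["hosts"].add(row["Remote host name"].strip())
    # Most frequently seen sources first.
    return sorted(summary.items(), key=lambda kv: kv[1]["occurrences"], reverse=True)


if __name__ == "__main__":
    for remote_ip, info in allowed_from_risky_sources(SAMPLE_EXPORT):
        print(remote_ip, info["occurrences"], sorted(info["targets"]), sorted(info["ports"]))
```

Sources that reach several target computers or administrative ports while still being allowed are the first candidates for tightening the Endpoint Access Enforcement settings.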

Filter tool
Field | Description | Values
Search computer | Search by computer name. | Character string
Computer type | Filters by type of device. | Workstation; Laptop; Server
Dates | Set a time period, from the current moment back. | Last 24 hours; Last 7 days; Last month; Last year
Action | Filter by the action taken by Endpoint Access Enforcement on the connection. | Allowed; Blocked
Risk detected | Filter by the status of the connecting computer. | Unmanaged/Unavailable; Managed by another account; Protection not enabled; Medium risk; High risk; Critical risk
Protocol | Filter by the connection protocol. | Character string

Filters available in the Connections Identified by Endpoint Access Enforcement list

Connection Details page

In the Connections Identified by Endpoint Access Enforcement list, click a line to open the Connection Details page. The page has three sections:

  • Computer alerts (1): Shows details of the alert generated by the target computer.

  • Affected computer (2): Name, IP address, and type of the target computer.

  • Connection details (3): Summary of the local and remote IP addresses and ports used in the connection, and the number of times the connection was detected.

Breakdown of connection details information

Computer alerts (1)
Field | Description | Values
Detection date | Date the connection was detected. | Date
Risk detected | Status of the connecting computer. | Unmanaged/Unavailable; Managed by another account; Protection not enabled; Risk level equal to or greater than: Medium, High, Critical
Protocol | Protocol/port of the connection. | Numeric value
Action | Action taken by Endpoint Access Enforcement on the connection. | Allowed; Blocked
Recommendations | Recommendations for the security administrator of the target computer. | Character string

Computer alert details

Affected computer (2)
Field | Description | Values
Computer | Name of the target computer. If you have permission to view the computer, click it to access the Computer Details page. See Computer details. | Character string
Computer type | Type of device. | Workstation; Laptop; Server
IP address | Primary IP address of the target computer. | Numeric value

Target computer details

Connection details (3)
Field | Description | Values
Local IP address | IP address of the target computer. | Numeric value
Remote IP address | IP address of the connecting computer. | Numeric value
Local port | Connection port on the target computer. | Numeric value
Remote port | Connection port on the connecting computer. | Numeric value
Occurrences | Number of times the connection was detected in one hour. | Numeric value

Connection details