Verbose mode

Verbose mode enables a small number of computers on the network to generate extended telemetry for a limited period of time. You can then analyze this information to evaluate which security software components are in use when an IOA is generated.

Verbose mode is essentially used to evaluate the capabilities of security software in a test environment, where attacks on the IT infrastructure are simulated.

To see both normal and extended telemetry, see the Investigation section (5).

Verbose mode requirements and limitations

Verbose mode collects a large quantity of telemetry from all computers configured in this mode and sends it to the cloud. To avoid impacting performance, Advanced EDR implements these restrictions:

Maximum number of computers simultaneously configured in Verbose mode: 20 computers.
Maximum duration of Verbose mode: 7 days.
Verbose mode can only be enabled on computers in Audit mode.
Verbose mode is only available on Windows computers.

The requirements for assigning Verbose mode to a computer are:

Configure security for workstations and servers permission. See Managing roles and permissions
Audit mode assigned. See Audit mode.

Enabling and disabling Verbose mode

Make sure the computer has a Workstations and servers settings profile assigned and Audit mode enabled. If the computer does not meet this requirement, Verbose mode is not available. See Audit mode.

To enable Audit mode:

List of computers filtered by Windows platform

From the top menu, select Computers. The Computers page opens.
From the side panel, select the Filters tab . A list opens that shows all configured filters.
Select a filter that shows Windows computers (for example Windows). The list updates to show all managed computers.
To open the context menu for the computer where you want to configure Verbose mode, click the icon.
Select Verbose mode . The Enable Verbose mode dialog box opens.
From the drop-down menu, select the duration of Verbose mode.
Click Enable Verbose mode. The icon appears next to the computer in the list.

To disable Verbose mode:

From the top menu, select Computers. The Computers page opens.
Select a filter that shows Windows computers (for example Windows). The list updates to show all managed computers.
Click the icon for the computer on which you want to disable Verbose mode. The icon appears next to the computer.
Select Disable Verbose mode . The icon disappears.

Viewing computers in Verbose mode

Computers in Verbose mode appear in the list with the icon.

To list only computers in Verbose mode, create a filter:

Computers filtered by Verbose mode

From the top menu, select Computers. The Computers page opens.
From the side panel, select the Filters tab . A list opens that shows all configured filters.
In the Operating system folder, click the icon. A context menu opens.
Select Add filter, The Add filter dialog box opens.
In the Name text box, type a name for the filter.
From the Select a category drop-down menu, select Computer.
From the Select a property drop-down menu, select Verbose mode.
From the Select an operator drop-down menu, select is equal to.
From the Select a value drop-down menu, select True.
Click Add. The filter is created and applied to the list of computers, showing only those with Verbose mode enabled.