
The admin or IR creates rules that use certain indicators to track suspicious security events on host computers. These events may relate to system processes, files, IP addresses, registry keys, or many other indicators. When you create a rule, you define the conditions that must be met for the selected indicators. After the rule is saved and applied, whenever activity on any endpoint matches the indicators given in any rule, an alert is generated and displayed on the Seqrite HawkkHunt console. An endpoint can have more than one alert, and a similar alert can be generated on multiple endpoints. An admin or IR may create and apply multiple rules, thereby creating many alerts for a single host. A host may have a number of alerts generated, which may be of high, low or medium severity.
