Administrator Guide

Options - Provides a way to integrate with Security Information Event Management (SIEM).
Certificate - Allows certificate upload. After upload, certificates display on the Global List tab and can be Safe listed.
Tables on the tabs can be organized in these ways:
Add or remove columns from the table - Click the arrow next to any column header, select Columns, then select the
columns to display. Clear the check box of columns to hide.
Sort the data - Click a column header.
Group by a column - Drag the column header up until it turns green.
Advanced Threat Events tab
The Advanced Threat Events tab displays information about events for the entire enterprise based on information available in
the Dell Server.
The tab displays if the Advanced Threat Prevention service is provisioned and licenses are available.
To export data from the Advanced Threat Events tab, click Export and select Excel or CSV file format.
NOTE: Excel Files are limited to 65,000 rows. CSV has no size limit.
Cylance Score and Threat Model Updates
A Cylance score is assigned to each file that is deemed Abnormal or Unsafe. The score represents the confidence level that the
file is malware. The higher the number, the greater the confidence.
The predictive threat model used to protect devices receives periodic updates to improve detection rates.
Two columns on the Protection page in the Management Console show how a new threat model affects your organization.
Display and compare the Production Status and New Status columns to see which files on devices might be impacted by a
model change.
To view the Production Status and New Status columns:
1. In the left pane, click Populations > Enterprise.
2. Select the Advanced Threats tab.
3. Click the Protection tab.
4. Click the down-arrow on a column header in the table.
5. Hover over Columns.
6. Select the Production Status and New Status columns.
Production Status - Current model status (Safe, Abnormal or Unsafe) for the file.
New Status - Model status for the file in the new model.
For example, a file that was considered Safe in the current model might change to Unsafe in the new model. If your organization
needs that file, you can add it to the Safe list. A file that has never been seen or scored by the current model might be
considered Unsafe by the new model. If your organization needs that file, you can add it to the Safe list.
Only files that are found on devices in your organization and that have a change in their Cylance Score are displayed.
Some files might have a Score change but still remain within their current Status. For example, if the Cylance Score for a
file goes from 10 to 20, the file status may remain Abnormal and the file displays in the updated model list (if this file
exists on devices in your organization).
Compare Current Model with New Model
You can now review differences between the current model and the new model.
The two scenarios you should be aware of are:
Production Status = Safe, New Status = Abnormal or Unsafe
Your Organization considers the file as Safe
Your Organization has Abnormal and/or Unsafe set to Auto-Quarantine
In the above scenarios, the recommendation is to Safelist the files so that they are allowed in your organization.
Identify Classifications
To identify classifications that could impact your organization, Dell recommends the following approach:
1. Apply a filter to the New Status column to display all Unsafe, Abnormal, and Quarantined files.
2. Apply a filter to the Production Status column to display all Safe files.
3. Apply a filter to the Classification column to only show Trusted - Local threats.
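The same three filters can be applied offline to a copy of the table. This is an added example, not part of the Dell guide or product. It assumes the Protection table is available as a CSV with one row per file and device and with headers matching the console column names; the SHA256 and Device columns, the sample rows and the function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export: headers are assumed to match the console column
# names; file names, hash placeholders and device names are invented.
SAMPLE_CSV = """\
File Name,SHA256,Device,Production Status,New Status,Classification
backup-agent.exe,HASH-A,PC-01,Safe,Unsafe,Trusted - Local
backup-agent.exe,HASH-A,PC-02,Safe,Unsafe,Trusted - Local
inventory.dll,HASH-B,PC-01,Safe,Abnormal,Trusted - Local
toolbar.exe,HASH-C,PC-04,Safe,Unsafe,Malware
report.exe,HASH-D,PC-05,Abnormal,Abnormal,Trusted - Local
notes.exe,HASH-E,PC-06,Safe,Safe,Trusted - Local
"""

NEW_STATUS_FILTER = {"unsafe", "abnormal", "quarantined"}  # step 1


def norm(value):
    """Lower-case and collapse whitespace so 'Trusted -  Local' still matches."""
    return " ".join((value or "").split()).lower()


def safelist_review_candidates(csv_text):
    """Return (sha256, file name, new status, device count), most devices first."""
    devices = defaultdict(set)
    info = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if norm(row["New Status"]) not in NEW_STATUS_FILTER:      # step 1
            continue
        if norm(row["Production Status"]) != "safe":              # step 2
            continue
        if norm(row["Classification"]) != "trusted - local":      # step 3
            continue
        key = row["SHA256"].strip()
        devices[key].add(row["Device"].strip())
        info[key] = (row["File Name"].strip(), row["New Status"].strip())
    # Files present on the most devices are reviewed first.
    ranked = sorted(devices, key=lambda k: (-len(devices[k]), info[k][0]))
    return [(k, info[k][0], info[k][1], len(devices[k])) for k in ranked]


if __name__ == "__main__":
    for sha256, name, status, count in safelist_review_candidates(SAMPLE_CSV):
        print(f"{name} ({sha256}): Safe -> {status} on {count} device(s)")
```

Rows whose status stays Abnormal or Safe, or whose classification is not Trusted - Local, are excluded, so the output is the review queue for Safelist decisions rather than an automatic Safelist.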
Trusted - Local files have been analyzed by Cylance and found to be safe. Safelist these items after review. If you have a lot of
files in the filtered list, you may need to prioritize using more attributes. For example, add a filter to the Detected By column to