MXDR ADAPT is a flexible feature created to provide customers and resellers with the ability to tailor MXDR's integration to meet their unique requirements.
By the end of this article, you will know:
1. What is MXDR ADAPT
2. How to access MXDR ADAPT
3. User Recommendations
4. Configuration Options Available
5. A guide to permissions
What is MXDR ADAPT?
MXDR ADAPT enables users to determine the extent of involvement and action they wish for MXDR Security Engineers to have across their modules, in the event of a P1 or any other kind of incident.
Accessing MXDR ADAPT:
MXDR ADAPT can be accessed via the Heimdal Dashboard. To find this feature, navigate to the 'Guide' section and click on the 'MXDR Permissions' tab.
User Recommendation:
For optimal communication, we highly recommend users fill in the Contact details section. This information will be utilized by our MXDR Engineers to establish contact in critical situations, ensuring swift and effective communication when it is most needed.
For Direct Customers:
Direct customers can decide how they prefer MXDR to respond to each module they have. They can opt for:
- Allow MXDR to Action: MXDR Security Engineers will intervene and resolve security issues without customer interaction.
- Notify Customer: MXDR Security Engineers will notify the customer of any issues, allowing them to take action as they see fit.
For Resellers:
Resellers can define their preference for the response from MXDR Security Engineers for each module. They can select:
- Allow MXDR to Action: MXDR Security Engineers will directly address and resolve any security issues.
- Notify Customer: MXDR Security Engineers will reach out to the end customer directly to address the issue.
- Notify Reseller: MXDR Security Engineers will inform the reseller about the detected issue, leaving it to their discretion to decide the subsequent steps or actions to be
Permissions Walkthrough:
XTP
- Add file to AppControl block rules: Allows the MXDR Team to add a file listed in an XTP alert to the AppControl block rules.
- Quarantine File: Allows the MXDR Team to quarantine a file detected by the XTP Module.
- Add domain to DNS Security blocklist: Allows the MXDR Team to add a domain detected by the XTP Module to the DNS Security blocklist.
- Isolate endpoint: Allows the MXDR Team to isolate an endpoint on which there are XTP detections.
- Add IP to Firewall block rules: Allows the MXDR Team to add an IP detected by the XTP Module to the Firewall block rules.
- Add port to Firewall block rules: Allows the MXDR Team to add a port detected by the XTP Module to the Firewall block rules.
- Call logs to dashboard: Allows the MXDR Team to request the logs of an endpoint on which there are XTP detections.
- Start remote session: Allows the MXDR Team to start a remote session on the endpoint on which there are XTP detections.
- Call file to dashboard: Allows the MXDR Team to request to download a file that has been detected by the XTP Module.
- Resolve: Allows the MXDR Team to change the status of an XTP detection to “Resolved”.
VectorN
- Uninstall application: Allows the MXDR Team to uninstall an application detected by the TTPC in a VectorN detection.
- Quarantine file: Allows the MXDR Team to quarantine a file application detected by the TTPC in a VectorN detection.
- Call logs to dashboard: Allows the MXDR Team to request the logs of an endpoint on which there are VectorN detections.
- Suppress detection: Allows the MXDR Team to suppress a pattern detected by the VectorN module. This will exclude/hide the pattern for 30 days.
- Call file to dashboard: Allows the MXDR Team to request the download of a file that was detected by the TTPC in a VectorN detection.
- Resolve: Allows the MXDR Team to set the status of a VectorN detection to “Resolved”.
3rd Party Patch Management
- Install application: Allows the MXDR Team to install an application on an endpoint for which 3rd Party Management is turned on.
- Add file to AppControl block rules: Allows the MXDR Team to add an application listed in the 3rd Party Management module to the AppControl block rules.
- Uninstall application: Allows the MXDR Team to uninstall an application listed in the 3rd Party Management module.
- Resolve: Allows the MXDR Team to set the status of an alert generated by the Patch Management module in the Threat Action Centre to “Resolved”.
OS Updates
- Install application: Allows the MXDR Team to install an OS Update to the endpoints on which it is available.
- Call logs to dashboard: Allows the MXDR Team to request the logs of an endpoint listed in the OS Updates module.
- Resolve: Allows the MXDR Team to set the status of an alert generated by the OS Updates module in the Threat Action Centre to “Resolved”.
Next-Gen Antivirus
- Restore file: Allows the MXDR Team to restore a file that has been quarantined by the NGAV module.
- Quarantine file: Allows the MXDR Team to quarantine a file that has been detected by the NGAV module but with a different resolution.
- Add to NGAV allowlist: Allows the MXDR Team to add a file that has been detected by the NGAV module to the allowlist.
- Call file to dashboard: Allows the MXDR Team to request the download of a file that has been detected by the NGAV module.
- Resolve: Allows the MXDR Team to set the status of an NGAV alert to “Resolved”.
Ransomware Encryption Protection
- Add to REP allowlist: Allows the MXDR Team to add a process detected by the REP module to the allowlist.
- Isolate endpoint: Allows the MXDR Team to isolate an endpoint on which there has been a REP detection.
- Call file to dashboard: Allows the MXDR Team to request the download of a file that has been detected by the REP module.
- Resolve: Allows the MXDR Team to set the status of a REP alert to “Resolved”.
Firewall
- Isolate endpoint: Allows the MXDR Team to isolate an endpoint on which there has been a Brute Force Attack detection.
- Add IP to Firewall block rules: Allows the MXDR Team to add an IP detected by the Firewall Module to the Firewall block rules.
- Call logs to dashboard: Allows the MXDR Team to request the logs of an endpoint on which there are Brute Force Attack detections.
- Start remote session: Allows the MXDR Team to start a remote session on the endpoint on which there are Brute Force Attack detections.
- Resolve: Allows the MXDR Team to set the status of alerts generated by the Firewall module to “Resolved”.
See also: What is MXDR?