MXDR ADAPT is a feature that lets customers and resellers tailor how the MXDR service integrates with their environment, so that the level of intervention by Heimdal's MXDR team matches their own requirements.
By the end of this article, you will know:
1. What MXDR ADAPT is
2. How to access MXDR ADAPT
3. User recommendations
4. Configuration options available
5. A guide to permissions
What is MXDR ADAPT?
MXDR ADAPT lets you decide, per module, how far MXDR Security Engineers may go when responding to an incident, whether a P1 or any lower-priority one: whether they act directly in your environment or only notify you so that you can act yourself.
Accessing MXDR ADAPT:
MXDR ADAPT can be accessed via the Heimdal Dashboard. To find this feature, navigate to the 'Guide' section and click on the 'MXDR Permissions' tab.
User Recommendation:
For optimal communication, we strongly recommend filling in the Contact details section. MXDR Engineers use this information to establish contact in critical situations, so keeping it accurate ensures swift and effective communication when it is needed most.
Configuration Options Available:
- For Direct Customers
  Direct customers can decide how they prefer MXDR to respond for each module they have. They can opt for:
  - Allow MXDR to Action: MXDR Security Engineers will intervene and resolve security issues without customer interaction.
  - Notify Customer: MXDR Security Engineers will notify the customer of any issues, allowing them to take action as they see fit.
- For Resellers
  Resellers can define their preferred response from MXDR Security Engineers for each module. They can select:
  - Allow MXDR to Action: MXDR Security Engineers will directly address and resolve any security issues.
  - Notify Customer: MXDR Security Engineers will reach out to the end customer directly to address the issue.
  - Notify Reseller: MXDR Security Engineers will inform the reseller about the detected issue, leaving it to their discretion to decide the subsequent steps or actions to be
Permissions Walkthrough:
The permissions below are grouped by module. Each one authorises a single action that the MXDR Team may take in your environment.
XTP
- Exclude: Allows the MXDR Team to exclude a detection from a Group Policy.
- Disable Rule: Allows the MXDR Team to disable a rule in a Group Policy.
- Quarantine File: Allows the MXDR Team to quarantine a file detected by the XTP module.
- Start remote session: Allows the MXDR Team to start a remote session on an endpoint that has XTP detections.
- Isolate endpoint: Allows the MXDR Team to isolate an endpoint that has XTP detections.
- Resolve: Allows the MXDR Team to change the status of an XTP detection to “Resolved”.
VectorN
- Quarantine File: Allows the MXDR Team to quarantine a file or application identified by TTPC in a VectorN detection.
- Upload to storage: Allows the MXDR Team to upload a TTPC source for analysis.
- Suppress detection: Allows the MXDR Team to suppress a pattern detected by the VectorN module. The pattern is excluded/hidden for 30 days.
- Upload to storage & Send to Sandbox: Allows the MXDR Team to upload a TTPC source to the Sandbox and investigate it.
- Start remote session: Allows the MXDR Team to start a remote session on an endpoint that has VectorN (VND) detections.
- Isolate endpoint: Allows the MXDR Team to isolate an endpoint that has VectorN (VND) detections.
- Resolve: Allows the MXDR Team to set the status of a VectorN detection to “Resolved”.
3rd Party Patch Management
- Install application: Allows the MXDR Team to install an application on an endpoint on which 3rd Party Patch Management is turned on.
- Uninstall application: Allows the MXDR Team to uninstall an application listed in the 3rd Party Patch Management module.
- Resolve: Allows the MXDR Team to set the status of an alert generated by the Patch Management module in the Threat Action Centre to “Resolved”.
OS Updates
- Install application: Allows the MXDR Team to install an OS update on the endpoints on which it is available.
- Resolve: Allows the MXDR Team to set the status of an alert generated by the OS Updates module in the Threat Action Centre to “Resolved”.
Next-Gen Antivirus
- Restore file: Allows the MXDR Team to restore a file that has been quarantined by the NGAV module.
- Add to NGAV allowlist: Allows the MXDR Team to add a file detected by the NGAV module to the allowlist.
- Quarantine file: Allows the MXDR Team to quarantine a file that the NGAV module detected but handled with a resolution other than quarantine.
- Upload to storage: Allows the MXDR Team to upload a file for analysis.
- Upload to storage & Send to Sandbox: Allows the MXDR Team to upload a quarantined file to the Sandbox and investigate it.
- Start remote session: Allows the MXDR Team to start a remote session on an endpoint that has NGAV detections.
- Isolate endpoint: Allows the MXDR Team to isolate an endpoint on which there has been an NGAV detection.
- Resolve: Allows the MXDR Team to set the status of an NGAV alert to “Resolved”.
Ransomware Encryption Protection
- Add to REP allowlist: Allows the MXDR Team to add a process detected by the REP module to the allowlist.
- Upload to storage: Allows the MXDR Team to upload a blocked file for analysis.
- Upload to storage & Send to Sandbox: Allows the MXDR Team to upload blocked files to the Sandbox and investigate them.
- Start remote session: Allows the MXDR Team to start a remote session on an endpoint that has REP detections.
- Isolate endpoint: Allows the MXDR Team to isolate an endpoint on which there has been a REP detection.
- Resolve: Allows the MXDR Team to set the status of a REP alert to “Resolved”.
Firewall
- Add to Firewall allowlist: Allows the MXDR Team to add an IP address detected by the Firewall module to the allowlist. All future Brute Force Attack (BFA) detections from that IP are then ignored and are not counted by the Heimdal Agent as BFA detections.
- Start remote session: Allows the MXDR Team to start a remote session on an endpoint that has Brute Force Attack detections.
- Isolate endpoint: Allows the MXDR Team to isolate an endpoint on which there has been a Brute Force Attack detection.
- Resolve: Allows the MXDR Team to set the status of alerts generated by the Firewall module to “Resolved”.
See also: What is MXDR?