Comodo Endpoint Protection
Comodo Endpoint Protection (EP) is a powerful event analysis tool that provides real-time monitoring and detection of malicious events on Windows endpoints. Endpoint Protection allows you to view threats in a detailed timeline and instantly alerts you about an attack.
The Comodo Endpoint Protection agent automatically writes events to the Windows Event Viewer. The Netsurion Open XDR agent picks up these logs and sends them to Netsurion Open XDR. Comodo sends events like antivirus scan, HIPS, HIDS, containment, file rating, autorun, and configuration changes. Netsurion Open XDR generates reports on potentially unwanted applications, antivirus scan detail, file rating, intrusion activities, configuration changes on the endpoint, alerts, threats detected, unwanted files removed, etc. These reports contain username, client IP address, status, action, file path, file name, and hash. It also graphically displays threats detected by file name, device name, and device IP, file management, intrusions detected by file name, etc.
- Security – Containment (unknown or potentially unwanted applications) events, Intrusion prevention system events, File rating events
- Operations – Antivirus scan events, Antivirus update events, autorun events
- Compliance – Configuration changes events
After Comodo EP is configured to deliver events to Netsurion Open XDR, alerts, dashboards, and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | Comodo EP – Threat detected | This alert will trigger whenever a threat is detected on the host. |
Security | Comodo EP – Unrecognized files removed | This alert will trigger whenever the Comodo Endpoint removes the unrecognized file from the host. |
Compliance | Comodo EP – Configuration changes | This alert will trigger whenever the Comodo Endpoint configuration changes. |
Reports
Type | Name | Description |
---|---|---|
Security | Comodo EP – unknown and potentially unsafe applications | This report provides information related to unknown or potentially unsafe applications. It provides information like IP address, file path, parent path, file rating, reason, device name, and device external id. |
Security | Comodo EP – Host Intrusion Prevention System activities | This report provides information related to intrusion prevention system activities captured by Comodo HIPS. It provides details like username, target path, file path, file name, reason, action, user privilege, device IP, etc. |
Security | Comodo EP – File rating | This report provides information related to file rating for applications as trusted, unrecognized, and malicious. It provides information like file path, action, reason, old rating, new rating, source rating, file hash, device name, and device IP. |
Operations | Comodo EP – Autorunning process | This report provides information related to processes that run automatically on the host. It shows details like file path, file hash, reason, and IP address. |
Operations | Comodo EP – Scan detail | This report provides information related to antivirus scan details like action, reason, device name, device IP, scan file count, unrecognized file count, username, etc. |
Compliance | Comodo EP – Configuration changes | This report provides information related to configuration changes on Comodo Endpoint Protection. It provides information like IP address, old value, new value, reason, action, and context. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.2 and later, and Comodo Endpoint Protection.
Download the Integration Guide and How-to Guide for configuration instructions and more information.