InQuest
Version: InQuest Manager version 3.87.x or later
InQuest focuses its analysis on identifying, processing, and inspecting files downloaded over the web or received via email to detect malicious code in transit. In addition to threat detection, InQuest encounters sensitive data in motion like confidential documents and personally identifiable information.
Netsurion Open XDR facilitates monitoring events retrieved from the InQuest. It’s dashboard, category, alerts, and reports will benefit you in tracking possible attacks, suspicious activities, or any other threat noticed.
First, configure the InQuest to deliver events to the Netsurion Open XDR Manager, and then configure the dashboards and reports in Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | InQuest – Suspicious file detected | This alert gets triggered when the InQuest Malware detection engine detects a suspicious file with a high-risk score and a reasonably high Shannon entropy. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | InQuest – Potential SMTP threats | This report provides the details of emails or SMTP transfers that are potentially risky and may have malicious file attachments. |
| Security | InQuest – Malware and suspicious files | This report provides the details related to potential malware on systems based on the InQuest malware detection engine. |
| Security | InQuest – C2 engine detections | This report provides details of suspicious detections by the InQuest C2 engine. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 or later, and InQuest Manager version.
Download Integration Guide and How-to Guide for configuration instructions and more information.