InQuest

Version: InQuest Manager version 3.87.x or later

InQuest focuses its analysis on identifying, processing, and inspecting files downloaded over the web or received via email to detect malicious code in transit. In addition to threat detection, InQuest encounters sensitive data in motion, such as confidential documents and personally identifiable information.

Netsurion Open XDR facilitates monitoring of events retrieved from InQuest. Its dashboard, category, alerts, and reports help you track possible attacks, suspicious activities, or any other threats noticed.

First, configure InQuest to deliver events to the Netsurion Open XDR Manager, and then configure the dashboards and reports in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | InQuest – Suspicious file detected | This alert gets triggered when the InQuest Malware detection engine detects a suspicious file with a high-risk score and a reasonably high Shannon entropy. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | InQuest – Potential SMTP threats | This report provides the details of emails or SMTP transfers that are potentially risky and may have malicious file attachments. |
| Security | InQuest – Malware and suspicious files | This report provides the details related to potential malware on systems based on the InQuest malware detection engine. |
| Security | InQuest – C2 engine detections | This report provides details of suspicious detections by the InQuest C2 engine. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 or later, and InQuest Manager version.

Download Integration Guide and How-to Guide for configuration instructions and more information.