Jump to content

Detection being automatically resolved now ?


karsayor
 Share

Recommended Posts

Hello

Until a few weeks / months, I had to go in the detection tab to resolve most events like web control blocking URL, or pua connection terminated, incoming generic attack blocked, etc..

Now these detections seems to be auto resolved and in detection details it's written "Resolved" and "Handled by product".

Is this normal and can it be explained because I could not find if it's a change or any issue in our console :)

Edited by karsayor
Link to comment
Share on other sites

  • Administrators

If I remember correctly, auto resolution of detections was added in ESMC v7.

Link to comment
Share on other sites

Hum ok, I really feel like it has changed last weeks / months even though we had version 7 for a very long time and I always had to resolve a lot of these manually, I'm suprised.

Link to comment
Share on other sites

In this case, how do you check / change / know what type of event is auto resolved and what isn't ?

Link to comment
Share on other sites

  • ESET Staff
5 hours ago, karsayor said:

Hum ok, I really feel like it has changed last weeks / months even though we had version 7 for a very long time and I always had to resolve a lot of these manually, I'm suprised.

Actually it has probably changed as set of detection types that are resolved automatically has been extended. If I recall correctly, recent addition is "firewall" type of detections, but it might be also dependent on version of ESET security products used in environment.
Regarding mechanisms itself, it is based on data as received from ESET security products, where crucial for automatic resolution is that detection is marked as handled/resolved/cleaned, i.e. that it is a detection that does not require any further actions as it was resolved either by blocking or removing malicious content.

Link to comment
Share on other sites

Ok in this case it is a good move, it makes much more sense that a successful block / remove / clean is auto resolved. Before it was unclear whether we still had something to do or not sometimes. I just regret that I wasn't aware of this change, I don't remember having seen it in the changelog - or maybe I missed it ?

 

Link to comment
Share on other sites

  • ESET Staff
29 minutes ago, karsayor said:

Ok in this case it is a good move, it makes much more sense that a successful block / remove / clean is auto resolved. Before it was unclear whether we still had something to do or not sometimes. I just regret that I wasn't aware of this change, I don't remember having seen it in the changelog - or maybe I missed it ?

 

Checked that and it was present in changelog of original 7.2 release:

Quote

Added: Automatic resolution of firewall logs and filtered websites

but it might have been superseded by change-log for hotfix release of 7.2, which might cause confusion.

Link to comment
Share on other sites

All clear thanks I missed it. By the way, thank you for your products, you are doing great job !

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...