Guest Leandro, posted September 15, 2021

I created a task on ESET Protect in order to isolate computers from the network and a trigger that will run as soon as the AV detects 50 threats within 5 minutes. Basically what I want to do is to isolate a computer if the AV detects a variety of threats based on the number of occurrences in a period of time.

I actually have a couple of questions. Firstly, how efficient is this method at preventing threats from replicating on the network? Secondly, what do I have to take into account when correlating the number of occurrences vs. the time period efficiently? I mean, the more occurrences in a short period of time, the more efficient it will be? Last but not least, what do you guys consider when creating a trigger like this one based on the statistical approach?

Sorry if I wasn't clear enough. Thanks in advance.
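One way to reason about the count-versus-window trade-off raised above is to replay past detection timestamps against candidate settings and see which hosts would have been isolated and how late. This is an added example, not part of the original post and not ESET code; it assumes the trigger behaves like a trailing (sliding) window, and the host names and timestamps are constructed.

```python
from collections import deque

def first_trigger(timestamps, threshold, window_s):
    """Return the time (seconds) at which `threshold` detections first fall
    inside a trailing window of `window_s` seconds, or None if never."""
    recent = deque()
    for t in sorted(timestamps):
        recent.append(t)
        # Drop detections that have aged out of the trailing window.
        while recent[0] <= t - window_s:
            recent.popleft()
        if len(recent) >= threshold:
            return t
    return None

def replay(events, threshold, window_s):
    """Map each host to its first trigger time for one candidate setting."""
    return {host: first_trigger(ts, threshold, window_s)
            for host, ts in events.items()}

# Constructed sample data: detection times in seconds, per hypothetical host.
SAMPLE = {
    "ws-burst": [i * 2 for i in range(60)],   # 60 detections in 2 minutes
    "ws-slow": [i * 65 for i in range(55)],   # 55 detections over about 1 hour
    "ws-small": [i * 5 for i in range(12)],   # 12 detections in 1 minute
}

if __name__ == "__main__":
    # Compare the setting from the post (50 in 5 minutes) with a tighter one.
    for threshold, window_s in [(50, 300), (10, 60)]:
        print(f"{threshold} in {window_s}s ->", replay(SAMPLE, threshold, window_s))
```

With the constructed data, 50 detections in 5 minutes isolates only the bursting host, and only after 98 seconds of activity; 10 in 60 seconds isolates it after 18 seconds but also isolates the host with the small burst, which is the false-positive cost to weigh.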