Units

Security tests are separated into units

Each test is coded against a specific security policy unit.

Health

About

Health tests monitor various configurations and settings on an endpoint to ensure they are in good standing.

Approach

A basic health check is scheduled by default for new Prelude accounts. This test ensures the "pipes are clean" for running future security tests. There are a variety of other health checks that can be enabled which focus on the health and safety of the endpoint.

Resolution

If an endpoint is failing a health test, it should be investigated and resolved. Health tests are expected to report 100% protected, and a failure means the host is not in good standing.

Response

About

Response tests elicit a verdict from each of your endpoints: is it protected or unprotected against a known threat? Each test runs a series of behaviors associated with a real-world threat and records whether the endpoint prevented them. When a threat becomes high-impact enough to appear on a government advisory, the corresponding tests are promoted inside Detect.

Approach

Response tests exit with a granular code describing what happened during execution. This code determines at which point the test was stopped by a defensive control or configuration.

There are three primary control types that may block a test:

  1. Antivirus protection: static analysis identifies the test as malicious before execution.
  2. Next-generation antivirus protection: the test is stopped during execution because of the behaviors it displays.
  3. Network protection: a download attempted by the test is stopped by a firewall or IDS.
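The following Go program is an added example, not Prelude's own test code or API. It models the approach described above: a response test is a sequence of stages (drop an artifact, execute its behavior, fetch something over the network), each stage maps to one of the three control types, and the test exits with a granular code naming the first stage at which a control stopped it. The exit-code constants, the stage names and the simulated controls are all constructed for this example; the only real-world point it encodes is that a test error must be reported separately from a protection, so a broken test can never count toward "protected".

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical exit codes, constructed for this example only (not Prelude's
// real codes). They mirror the three control types plus the two end states.
const (
	CodeUnprotected       = 1 // every stage ran unhindered
	CodeBlockedStatic     = 2 // antivirus: artifact identified before execution
	CodeBlockedBehavioral = 3 // next-generation antivirus: stopped during execution
	CodeBlockedNetwork    = 4 // network protection: the download attempt was stopped
	CodeError             = 5 // the test itself failed for a reason unrelated to a control
)

// ErrBlocked is what a stage returns when a defensive control stopped it.
var ErrBlocked = errors.New("stopped by a defensive control")

// Stage is one step of a response test, tagged with the code to report if
// this is the step at which the test gets stopped.
type Stage struct {
	Name        string
	BlockedCode int
	Run         func() error
}

// Execute runs the stages in order and returns the granular code describing
// where the test was stopped, plus the name of the stage that stopped. Any
// error other than ErrBlocked is a test failure, not a protection.
func Execute(stages []Stage) (code int, stoppedAt string) {
	for _, s := range stages {
		err := s.Run()
		switch {
		case err == nil:
			continue
		case errors.Is(err, ErrBlocked):
			return s.BlockedCode, s.Name
		default:
			return CodeError, s.Name
		}
	}
	return CodeUnprotected, ""
}

// simulate stands in for a real control: the caller decides whether it fires.
func simulate(blocked bool) func() error {
	return func() error {
		if blocked {
			return ErrBlocked
		}
		return nil
	}
}

// ResponseTest builds the three-stage pipeline from the page with simulated
// controls injected, so the example runs offline and performs nothing real.
func ResponseTest(staticAV, ngav, network bool) []Stage {
	return []Stage{
		{"write-artifact", CodeBlockedStatic, simulate(staticAV)},
		{"execute-behavior", CodeBlockedBehavioral, simulate(ngav)},
		{"outbound-download", CodeBlockedNetwork, simulate(network)},
	}
}

// Summary tallies the codes returned by one test across a fleet of endpoints.
type Summary struct{ Protected, Unprotected, Errored int }

// Summarize credits any of the three blocked codes as a protection and keeps
// errored runs in their own bucket.
func Summarize(codes []int) Summary {
	var s Summary
	for _, c := range codes {
		switch c {
		case CodeBlockedStatic, CodeBlockedBehavioral, CodeBlockedNetwork:
			s.Protected++
		case CodeUnprotected:
			s.Unprotected++
		default:
			s.Errored++
		}
	}
	return s
}

// ProtectedPercent excludes errored runs from the denominator, so a test
// that crashed on some hosts neither inflates nor deflates the score.
func (s Summary) ProtectedPercent() float64 {
	n := s.Protected + s.Unprotected
	if n == 0 {
		return 0
	}
	return 100 * float64(s.Protected) / float64(n)
}

func main() {
	// Only the NGAV control fires: the artifact lands on disk, then the
	// behavior is stopped mid-execution.
	code, at := Execute(ResponseTest(false, true, false))
	fmt.Printf("exit code %d, stopped at %q\n", code, at)

	fleet := []int{CodeBlockedStatic, CodeBlockedNetwork, CodeUnprotected, CodeUnprotected, CodeError}
	s := Summarize(fleet)
	fmt.Printf("%+v -> %.1f%% protected\n", s, s.ProtectedPercent())
}
```

Ordering matters in `Execute`: the first stage a control stops is the one credited, so if static antivirus quarantines the artifact the test never reaches the behavioral or network stages, which is exactly the information the granular code is meant to carry.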

Resolution

If a response test fails in your environment, ensure you have an EDR running with appropriate policies. If you have a partner EDR attached to your account, all failed tests will be reported so the EDR can self-resolve them. Running Detect tests continuously (daily) will highlight when a fix is pushed to the EDR.

Update

About

Update tests monitor the software and hardware in place on each endpoint to ensure it is at the latest version.

Files

About

File tests monitor the hard drives to ensure nothing sensitive is written to disk.