The Endpoints page provides reporting and management of Data Defense deployments within your subscription including PIN Reset and changing Manual Lock states.
The interactive table contains detailed information about Data Defense deployments and hosts including name, Data Defense version, Manual Lock State, Active Lock state, Host OS, Last Logged in user, assigned group, effective policy and last connect time.
Manual Locks:
Manual Locks are controlled specifically from the console by Administrators. This can be useful during an ongoing investigation to ensure data protections are heightened on the endpoint. Administrators can manually Lock and Unlock an endpoint by selecting 1 or more endpoints in the table and clicking Lock/Unlock.
Active Lock:
Active Lock states are only changed by Data Defense sensors or third party integrations. Active Locks and Manual lock can both be on at the same time. It is not until the last lock has been cleared until normal state returns.
Effective policy:
Effective policy shows the currently assigned policy based on assigned group. Effective policies are changed immediately upon confirmation. Data Defense will reflect the change after next contact with the console ( usually in minutes when running. )
Policies are assigned to endpoints via group assignment. See the Group page for details on assigning policies to groups.
Clicking the endpoint name will open the endpoint details page with additional details and controls.
Status:
The Status tab provides a summary of Manual lock, Active Lock and Data Defense features. Toggle the Manual Lock control to change the lock status on the endpoint. This request will be send to endpoint the next time it contacts the console. If any Data Defense or Third-party sensors have engaged Active Lock on this endpoint, they will be listed below Active Lock status state.
Feature Status:
Feature Status provides a summary of Data Defense protections and basic sensors as of the last time configuration was reported.
Refresh:
The Refresh icon to the right of the endpoint name will force a full update of Data Defense settings to the console the next time it contacts the console.
Force Policy Reset:
Typically, when a policy enabled protection is removed or changed to a lower level of protection, Data Defense will not remove it automatically. It will allow the user to remove it once the policy is no longer enforcing it. Administrators can use the Force Policy Reset to sync the protections on the endpoint to exactly match the assigned policy including removal of non-user created protection. User created protections can only be removed by the user from the endpoint.
Overview:
The Overview tab provides details of Cigent deployment, system and discovered disks.
Cigent Secure SSDs will display the status of the Cigent features available on the drive including Keepalive, command logging and ransomware detection and if Cigent PBA is installed.
Active Lock Configuration:
Displays specifics of the protections enabled on the endpoint including both policy and user created protections.
Active Lock Configuration:
The Active Lock Configuration tab provides detailed Cigent protection and sensor configuration including file types being protected, Dynamic and Always On folders, deception files. The folders details now display the encryption status ( subscription or user ) along with details of the user who encrypted the folder.
Settings:
The Settings sections contains important communications and policy information as well as the last time these settings were updated on Cigent.
Networks:
Networks provides a list of trusted and untrusted networks in Cigent. The status indicates the currently connected network. Note that networks will not be displayed if the Trusted Network sensor is not enabled.
Authentication:
Authentication displays the list of Data Defense authentication methods along with the configuration status of each and which method is currently the default.