Collect signals from ETP integration
When ETP is integrated with EAA, ETP will inform Device Posture about devices that ETP has determined to be compromised due to the presence of suspected malware activity.
In the EAA Management Portal, select .
The Device Posture Reports page appears.
- On the Inventory tab, select Compromised Device - ETP from the Select Criteria field. When prompted for the value, select Yes.
The report generates and displays all devices that experiences a compromise event.
- Click a device in the Device Name column to display the Device Details report.
- In the Device Details report, click View Compromised Device Events to display the ETP events collected from the device.
To ignore the detected threat
events for Device Posture evaluation, click Ignore Threats in
the Threats tab. This will also clear the displayed threats.
Note: Ignoring threats does not address the source of the threat on the device. Ignoring provides the admin a way to ignore detected threat events for Device Posture evaluation.
To include detection of ETP compromised devices in risk assessments and application ACLs, add the following rule to tiers and tags:
- Compromised Device - ETP > [Not Detected]
- ETP Client Status > Installed